44 matches found
WordPress Vitepos plugin <= 3.3.0 - Authenticated (Subscriber+) Arbitrary File Upload to Remote Code Execution vulnerability
Authenticated (Subscriber+) Arbitrary File Upload to Remote Code Execution vulnerability discovered by Moose Love - Nagasaki Prefectural University in WordPress Plugin Vitepos versions <= 3.3.0...
CVE-2025-13156
The Vitepos – Point of Sale (POS) for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the insert_media_attachment function in all versions up to, and including, 3.3.0. This is due to the save_update_category_img function accepting...
CVE-2025-13156
The Vitepos – Point of Sale (POS) for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the insert_media_attachment function in all versions up to, and including, 3.3.0. This is due to the save_update_category_img function accepting...
CVE-2025-13156 Vitepos – Point of Sale (POS) for WooCommerce <= 3.3.0 - Authenticated (Subscriber+) Arbitrary File Upload to Remote Code Execution
The Vitepos – Point of Sale (POS) for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the insert_media_attachment function in all versions up to, and including, 3.3.0. This is due to the save_update_category_img function accepting...
EUVD-2025-198394
The Vitepos – Point of Sale (POS) for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the insert_media_attachment function in all versions up to, and including, 3.3.0. This is due to the save_update_category_img function accepting...
CVE-2025-13156
CVE-2025-13156 (Vitepos – POS for WooCommerce) In WordPress, versions up to 3.3.0 permit authenticated (Subscriber+) arbitrary file uploads via the insert_media_attachment/save_update_category_img path due to missing file-type validation when processing category images. This can lead to remote co...
PT-2025-47711
Name of the Vulnerable Software and Affected Versions: Vitepos – Point of Sale (POS) for WooCommerce versions up to and including 3.3.0. Description: The Vitepos – Point of Sale (POS) for WooCommerce plugin for WordPress is susceptible to arbitrary file uploads due to a lack of file type validation with...
WordPress plugin Vitepos code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A code issue...
EUVD-2024-31311
Malicious code in bioql PyPI...
EUVD-2025-4426
Malicious code in bioql PyPI...
EUVD-2025-9113
Malicious code in bioql PyPI...
EUVD-2025-11742
Malicious code in bioql PyPI...
CVE-2024-33574
Missing Authorization vulnerability in appsbd Vitepos. This issue affects Vitepos: from n/a through 3.0.1...
CVE-2025-39535
Authentication Bypass Using an Alternate Path or Channel vulnerability in appsbd Vitepos vitepos-lite allows Authentication Abuse. This issue affects Vitepos: from n/a through <= 3.1.7...
CVE-2025-39535
Authentication Bypass Using an Alternate Path or Channel vulnerability in appsbd Vitepos vitepos-lite allows Authentication Abuse. This issue affects Vitepos: from n/a through <= 3.1.7...
CVE-2025-39535 WordPress Vitepos <= 3.1.7 - Broken Authentication Vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in appsbd Vitepos allows Authentication Abuse. This issue affects Vitepos: from n/a through 3.1.7...
CVE-2025-39535 WordPress Vitepos plugin <= 3.1.7 - Broken Authentication Vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in appsbd Vitepos vitepos-lite allows Authentication Abuse. This issue affects Vitepos: from n/a through <= 3.1.7...
CVE-2025-39535
Summary: CVE-2025-39535 describes an authentication bypass in WordPress Vitepos (Vitepos-lite) versions up to 3.1.7, enabling authentication abuse via an alternate path or channel. The issue is rated CVSSv3.1 base score 7.2 (Network attack vector, Low attack complexity, Privileges required: High,...
WordPress Vitepos plugin <= 3.1.7 - Broken Authentication Vulnerability
Broken Authentication Vulnerability discovered by astra.r3verii in WordPress Plugin Vitepos versions <= 3.1.7...
WordPress plugin Vitepos security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...