EUVD-2026-37048

Unauthenticated Broken Access Control in WooCommerce POS = 1.8.14 versions...

CVE-2025-13156 Vitepos – Point of Sale (POS) for WooCommerce <= 3.3.0 - Authenticated (Subscriber+) Arbitrary File Upload to Remote Code Execution

The Vitepos – Point of Sale POS for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the insertmediaattachment function in all versions up to, and including, 3.3.0. This is due to the saveupdatecategoryimg function accepting...

EUVD-2024-34329

Malicious code in bioql PyPI...

EUVD-2024-16492

Malicious code in bioql PyPI...

WordPress plugin WooCommerce Point Of Sale SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A SQL injection vulnerability exists in...

CVE-2024-13513

The Oliver POS – A WooCommerce Point of Sale POS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.2.3 via the logging functionality. This makes it possible for unauthenticated attackers to extract sensitive data including the plugin's...

CVE-2024-13513 Oliver POS – A WooCommerce Point of Sale (POS) <= 2.4.2.3 - Sensitive Information Exposure to Privilege Escalation

The Oliver POS – A WooCommerce Point of Sale POS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.2.3 via the logging functionality. This makes it possible for unauthenticated attackers to extract sensitive data including the plugin's...

CVE-2024-11281 WooCommerce Point of Sale <= 6.1.0 - Insecure Direct Object Reference to Privilege Escalation via Arbitrary User Email Change

The WooCommerce Point of Sale plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.1.0. This is due to insufficient validation on the 'loggedinuserid' value when option values are empty and the ability for attackers to change the email of arbitrary us...

CVE-2024-11281 WooCommerce Point of Sale <= 6.1.0 - Insecure Direct Object Reference to Privilege Escalation via Arbitrary User Email Change

The WooCommerce Point of Sale plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.1.0. This is due to insufficient validation on the 'loggedinuserid' value when option values are empty and the ability for attackers to change the email of arbitrary us...

CVE-2024-11281

CVE-2024-11281 affects WooCommerce Point of Sale for WordPress. The vulnerability arises from insufficient validation of the logged_in_user_id value when option values are empty, enabling change of email on arbitrary user accounts (including administrators) and password resets. Affected versions ...

WordPress plugin WooCommerce Point of Sale 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress WooCommerce Point of Sale plugin <= 6.1.0 - Insecure Direct Object Reference to Privilege Escalation via Arbitrary User Email Change vulnerability

Insecure Direct Object Reference to Privilege Escalation via Arbitrary User Email Change vulnerability discovered by Tonn in WordPress Plugin WooCommerce Point of Sale versions = 6.1.0...