Vulnerabilities and security researches formrkv-vchasno-kasa mrkv-vchasno-kasa

Jul 19, 2025

CVE, Research URL: CVE-2025-6721
Home page URL: Security reports for Vchasno Kasa
Application: Vchasno Kasa
Date: Jul 19, 2025
Research Description: The Vchasno Kasa plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the mrkv_vchasno_kasa_wc_do_metabox_action() function in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers to generate invoices for arbitrary orders.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2025-6720
Home page URL: Security reports for Vchasno Kasa
Application: Vchasno Kasa
Date: Jul 19, 2025
Research Description: The Vchasno Kasa plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the clear_all_log() function in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers to clear log files.
Affected versions: Min -, max -.
Status: vulnerable