cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches forvitepos-lite vitepos-lite

Direction: ascending
Jun 06, 2024

Vitepos – Point of sale (POS) plugin for WooCommerce # CVE-2024-33574

CVE, Research URL

CVE-2024-33574

Home page URL

Security reports for Vitepos – Point of sale (POS) plugin for WooCommerce

Application

Vitepos – Point of sale (POS) plugin for WooCommerce

Date
May 08, 2024
Research Description
Missing Authorization vulnerability in appsbd Vitepos.This issue affects Vitepos: from n/a through 3.0.1.
Affected versions
max 3.0.2.
Status
vulnerable
Feb 21, 2025

Vitepos – Point of sale (POS) plugin for WooCommerce # CVE-2025-26750

CVE, Research URL

CVE-2025-26750

Home page URL

Security reports for Vitepos – Point of sale (POS) plugin for WooCommerce

Application

Vitepos – Point of sale (POS) plugin for WooCommerce

Date
Feb 22, 2025
Research Description
Missing Authorization vulnerability in appsbd Vitepos allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Vitepos: from n/a through 3.1.3.
Affected versions
max 3.1.4.
Status
vulnerable
Apr 03, 2025

Vitepos – Point of sale (POS) plugin for WooCommerce # CVE-2025-22277

CVE, Research URL

CVE-2025-22277

Home page URL

Security reports for Vitepos – Point of sale (POS) plugin for WooCommerce

Application

Vitepos – Point of sale (POS) plugin for WooCommerce

Date
Apr 01, 2025
Research Description
Authentication Bypass Using an Alternate Path or Channel vulnerability in appsbd Vitepos allows Authentication Abuse. This issue affects Vitepos: from n/a through 3.1.4.
Affected versions
max 3.1.5.
Status
vulnerable
Apr 19, 2025

Vitepos – Point of sale (POS) plugin for WooCommerce # CVE-2025-39535

CVE, Research URL

CVE-2025-39535

Home page URL

Security reports for Vitepos – Point of sale (POS) plugin for WooCommerce

Application

Vitepos – Point of sale (POS) plugin for WooCommerce

Date
Apr 17, 2025
Research Description
Authentication Bypass Using an Alternate Path or Channel vulnerability in appsbd Vitepos allows Authentication Abuse. This issue affects Vitepos: from n/a through 3.1.7.
Affected versions
max 3.1.8.
Status
vulnerable
Dec 11, 2025

Vitepos – Point of sale (POS) plugin for WooCommerce # CVE-2025-13156

CVE, Research URL

CVE-2025-13156

Home page URL

Security reports for Vitepos – Point of sale (POS) plugin for WooCommerce

Application

Vitepos – Point of sale (POS) plugin for WooCommerce

Date
Nov 21, 2025
Research Description
The Vitepos – Point of Sale (POS) for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the insert_media_attachment() function in all versions up to, and including, 3.3.0. This is due to the save_update_category_img() function accepting user-supplied file types without validation when processing category images. This makes it possible for authenticated attackers, with subscriber level access and above, to upload arbitrary files on the affected site's server which makes remote code execution possible.
Affected versions
max 3.3.1.
Status
vulnerable