cleantalk
Vulnerabilities and Security Researches

Vitepos – Point of sale (POS) plugin for WooCommerce, CVE-2026-8157

CVE, Research URL

CVE-2026-8157

Home page URL

Security reports for Vitepos – Point of sale (POS) plugin for WooCommerce

Application

Vitepos – Point of sale (POS) plugin for WooCommerce

Published on
Jun 22, 2026
Research Description
The Vitepos WordPress plugin before 3.4.2 does not properly restrict the roles that can be assigned when creating new users via one of its REST API endpoints, allowing authenticated users with a custom Vitepos WordPress plugin before 3.4.2 role to escalate privileges to administrator.
Affected versions
max 3.4.2.
Status
vulnerable
Previous vulnerability researches
Product Catalog – Catalog for WordPress (CVE-2025-30524) , Mar 28, 2025
New vulnerability
Paymob for WooCommerce (CVE-2026-56025) , Jun 24, 2026
Motors – Car Dealer, Classifieds & Listing (CVE-2026-7859) , Jun 24, 2026
Vitepos – Point of sale (POS) plugin for WooCommerce (CVE-2026-8157) , Jun 24, 2026
Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Conten (CVE-2026-10530) , Jun 24, 2026
Stylish Cost Calculator – Quote Generator, Lead Gen & Price Estimator (CVE-2026-54847) , Jun 23, 2026