cleantalk
Vulnerabilities and Security Researches

Vitepos – Point of sale (POS) plugin for WooCommerce, CVE-2026-8157

CVE, Research URL

CVE-2026-8157

Home page URL

Security reports for Vitepos – Point of sale (POS) plugin for WooCommerce

Application

Vitepos – Point of sale (POS) plugin for WooCommerce

Published on
Jun 22, 2026
Research Description
The Vitepos WordPress plugin before 3.4.2 does not properly restrict the roles that can be assigned when creating new users via one of its REST API endpoints, allowing authenticated users with a custom Vitepos WordPress plugin before 3.4.2 role to escalate privileges to administrator.
Affected versions
max 3.4.2.
Status
vulnerable
Previous vulnerability researches
WPExperts Square For GiveWP (CVE-2024-13713) , Feb 22, 2025
WPExperts Square For GiveWP (CVE-2024-47338) , Sep 30, 2024
New vulnerability
Motors – Car Dealer, Classifieds & Listing (CVE-2026-7859) , Jun 24, 2026
Vitepos – Point of sale (POS) plugin for WooCommerce (CVE-2026-8157) , Jun 24, 2026
Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Conten (CVE-2026-10530) , Jun 24, 2026
Stylish Cost Calculator – Quote Generator, Lead Gen & Price Estimator (CVE-2026-54847) , Jun 23, 2026
Backup and Staging by WP Time Capsule (CVE-2020-37255) , Jun 23, 2026