VYPR

Vitepos Lite

by WordPress

Source repositories

CVEs (6)

  • CVE-2025-22277HigApr 1, 2025
    risk 0.57cvss 8.8epss 0.00

    Authentication Bypass Using an Alternate Path or Channel vulnerability in appsbd Vitepos vitepos-lite allows Authentication Abuse.This issue affects Vitepos: from n/a through <= 3.1.4.

  • CVE-2025-13156HigNov 21, 2025
    risk 0.50cvss 8.8epss 0.01

    The Vitepos – Point of Sale (POS) for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the insert_media_attachment() function in all versions up to, and including, 3.3.0. This is due to the…

  • CVE-2025-39535HigApr 17, 2025
    risk 0.47cvss 7.2epss 0.00

    Authentication Bypass Using an Alternate Path or Channel vulnerability in appsbd Vitepos vitepos-lite allows Authentication Abuse.This issue affects Vitepos: from n/a through <= 3.1.7.

  • CVE-2025-26750MedFeb 22, 2025
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in appsbd Vitepos vitepos-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Vitepos: from n/a through <= 3.1.3.

  • CVE-2024-33574MedMay 8, 2024
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in appsbd Vitepos.This issue affects Vitepos: from n/a through 3.0.1.

  • CVE-2026-8157Jun 22, 2026
    risk 0.00cvss epss 0.00

    The Vitepos WordPress plugin before 3.4.2 does not properly restrict the roles that can be assigned when creating new users via one of its REST API endpoints, allowing authenticated users with a custom Vitepos WordPress plugin before 3.4.2 role to escalate privileges to…