Skip to main content

POS Entegratör CVE-2026-57688

| EUVDEUVD-2026-41297 HIGH
Missing Authorization (CWE-862)
2026-07-02 Patchstack GHSA-52qw-w4c5-82h4
8.2
CVSS 3.1 · Vendor: Patchstack
Share

Severity by source

Vendor (Patchstack) PRIMARY
8.2 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
vuln.today AI
8.2 HIGH

Unauthenticated network endpoint with missing authorization (PR:N/UI:N/AC:L); impact is unauthorized modification (I:H) and minor disruption (A:L) with no disclosure (C:N).

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (Patchstack).

CVSS VectorVendor: Patchstack

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
Low

Lifecycle Timeline

1
Analysis Generated
Jul 02, 2026 - 12:25 vuln.today

DescriptionCVE.org

Unauthenticated Broken Access Control in POS Entegratör <= 3.7.103 versions.

AnalysisAI

Missing authorization in the POS Entegratör WordPress plugin (versions <= 3.7.103, vendor gurmehub) lets unauthenticated remote attackers reach privileged plugin functions that lack capability checks, enabling unauthorized modification of data with limited service disruption. The flaw is remotely reachable with no authentication or user interaction (CVSS 8.2), but has no confidentiality impact. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify WordPress site running POS Entegratör
Delivery
Locate unauthenticated plugin endpoint
Exploit
Send crafted request without auth
Execution
Bypass missing authorization check
Impact
Modify plugin/store data (integrity impact)

Vulnerability AssessmentAI

Exploitation Exploitation requires that the vulnerable POS Entegratör plugin (version <= 3.7.103) be installed and active on an internet-reachable WordPress site; per the CVSS vector (AV:N/AC:L/PR:N/UI:N) no authentication, no user interaction, and no special non-default configuration are required to reach the missing-authorization endpoint. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L, score 8.2) indicates an easily reachable, unauthenticated network attack with high integrity impact and low availability impact, but explicitly no confidentiality impact - consistent with a broken access control write/modify primitive rather than data disclosure. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An anonymous attacker enumerates the target WordPress site, identifies the POS Entegratör plugin, and sends a crafted HTTP request directly to one of its unauthenticated action handlers. Because the handler performs no capability check (CWE-862), the request executes a privileged operation and modifies plugin or store data without any login. …
Remediation No vendor-released patch version is identified in the provided data; the input only confirms versions <= 3.7.103 are vulnerable, so administrators should consult the Patchstack advisory (https://patchstack.com/database/wordpress/plugin/pos-entegrator/vulnerability/wordpress-pos-entegratoer-plugin-3-7-103-broken-access-control-vulnerability) and upgrade to the next release that Patchstack/the vendor marks as fixed once available. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Audit all WordPress installations for POS Entegratör plugin versions ≤3.7.103; if operationally feasible, immediately deactivate and remove the plugin. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-57688 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy