Woocommerce Pos
Monthly
Unauthorized information disclosure in the WooCommerce POS WordPress plugin (versions 1.8.14 and earlier) allows remote unauthenticated attackers to access protected resources due to missing authorization checks. The CVSS 3.1 score of 7.5 reflects high confidentiality impact with no integrity or availability effect, and no public exploit identified at time of analysis. The flaw was disclosed by Patchstack and aligns with CWE-862 (Missing Authorization), a common pattern in WordPress plugin endpoints that omit capability checks.
Unauthorized information disclosure in the WooCommerce POS WordPress plugin (versions 1.8.14 and earlier) allows remote unauthenticated attackers to access protected resources due to missing authorization checks. The CVSS 3.1 score of 7.5 reflects high confidentiality impact with no integrity or availability effect, and no public exploit identified at time of analysis. The flaw was disclosed by Patchstack and aligns with CWE-862 (Missing Authorization), a common pattern in WordPress plugin endpoints that omit capability checks.