Skip to main content

Woocommerce Pos

1 CVEs product

Monthly

CVE-2026-52711 HIGH This Week

Unauthorized information disclosure in the WooCommerce POS WordPress plugin (versions 1.8.14 and earlier) allows remote unauthenticated attackers to access protected resources due to missing authorization checks. The CVSS 3.1 score of 7.5 reflects high confidentiality impact with no integrity or availability effect, and no public exploit identified at time of analysis. The flaw was disclosed by Patchstack and aligns with CWE-862 (Missing Authorization), a common pattern in WordPress plugin endpoints that omit capability checks.

Authentication Bypass WordPress Woocommerce Pos
NVD
CVSS 3.1
7.5
EPSS
0.4%
EPSS 0% CVSS 7.5
HIGH This Week

Unauthorized information disclosure in the WooCommerce POS WordPress plugin (versions 1.8.14 and earlier) allows remote unauthenticated attackers to access protected resources due to missing authorization checks. The CVSS 3.1 score of 7.5 reflects high confidentiality impact with no integrity or availability effect, and no public exploit identified at time of analysis. The flaw was disclosed by Patchstack and aligns with CWE-862 (Missing Authorization), a common pattern in WordPress plugin endpoints that omit capability checks.

Authentication Bypass WordPress Woocommerce Pos
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy