CVE-2025-13156P2HIGHCVSS 8.8≤ 3.3.02025-11-21
CVE-2025-13156 [HIGH] CWE-434 CVE-2025-13156: The Vitepos – Point of Sale (POS) for WooCommerce plugin for WordPress is vulnerable to arbitrary fi
The Vitepos – Point of Sale (POS) for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the insert_media_attachment() function in all versions up to, and including, 3.3.0. This is due to the save_update_category_img() function accepting user-supplied file types without validation when proce
nvd