Barcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS (Point of Sale) Security & Risk Analysis

wordpress.org/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders

Manage and sell (POS) your inventory. It reads barcodes & finds woocommerce products/orders. Create orders right from the wp-admin.

1K active installs · v1.11.0 · PHP 7.2+ · WP 4.0.1+ · Updated Nov 7, 2025
Tags: barcode, inventory, point-of-sale, pos, scanner
Score 75 · B · Generally Safe
CVEs total: 14
Unpatched: 0
Last CVE: Oct 15, 2025
Safety Verdict

Is Barcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS (Point of Sale) Safe to Use in 2026?

Mostly Safe

Score 75/100

Barcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS (Point of Sale) is generally safe to use. 14 past CVEs were resolved. Keep it updated.

14 known CVEs · Last CVE: Oct 15, 2025 · Updated 4mo ago
Risk Assessment

This plugin exhibits a concerning security posture due to a significant number of unprotected entry points and a history of numerous, severe vulnerabilities. The static analysis reveals 6 out of 10 total entry points lack authentication checks, including all 6 AJAX handlers. This immediately exposes the plugin to potential abuse by unauthenticated users. Furthermore, the presence of the `unserialize` function, a known vector for remote code execution when handling untrusted input, is a critical red flag. The taint analysis identifies 2 high-severity flows, indicating potential pathways for malicious data manipulation or exploitation.

While the plugin shows some positive signs like the use of prepared statements for a majority of SQL queries and a relatively high percentage of properly escaped output, these strengths are overshadowed by its historical vulnerability patterns. The plugin has a history of 14 CVEs, including critical and high-severity issues such as Path Traversal, Information Exposure, SQL Injection, and CSRF. The commonality of these vulnerability types suggests recurring weaknesses in input validation and authorization logic. The most recent vulnerability reported in 2025 is concerning, indicating a continued struggle to maintain a secure codebase. Overall, while efforts are made in certain areas of security, the substantial number of unprotected entry points and the extensive vulnerability history paint a picture of a high-risk plugin that requires immediate attention and remediation.

Key Concerns

  • Unprotected AJAX handlers
  • Dangerous function 'unserialize' found
  • High severity taint flows identified
  • Large number of total CVEs
  • Previous critical severity CVEs
  • Previous high severity CVEs
  • Common vulnerability types (Path Traversal, SQLi, etc.)
  • Missing nonce checks
  • Limited capability checks
  • Unsanitized paths in taint flows
Vulnerabilities
14

Barcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS (Point of Sale) Security Vulnerabilities

CVEs by Year

  • 2024: 11 CVEs
  • 2025: 3 CVEs

Severity Breakdown

  • Critical: 3
  • High: 3
  • Medium: 7
  • Low: 1

14 total CVEs

CVE-2025-58972 · low · 2.7 · Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Barcode Scanner with Inventory & Order Manager <= 1.10.4 - Authenticated (Shop Manager+) Directory Traversal

Oct 15, 2025 Patched in 1.10.5 (15d)
CVE-2025-54715 · medium · 4.9 · Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Barcode Scanner with Inventory & Order Manager <= 1.9.0 - Authenticated (Admin+) Arbitrary File Download

Aug 14, 2025 Patched in 1.9.1 (5d)
CVE-2025-22723 · high · 7.2 · Unrestricted Upload of File with Dangerous Type

Barcode Scanner with Inventory & Order Manager <= 1.6.7 - Authenticated (Admin+) Arbitrary File Upload

Jan 15, 2025 Patched in 1.7.0 (7d)
CVE-2024-54265 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Barcode Scanner with Inventory & Order Manager <= 1.6.6 - Reflected Cross-Site Scripting

Dec 10, 2024 Patched in 1.6.7 (9d)
CVE-2024-38708 · high · 8.5 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Barcode Scanner with Inventory & Order Manager <= 1.6.1 - Authenticated (Subscriber+) SQL Injection

Jul 11, 2024 Patched in 1.6.2 (7d)
CVE-2024-34556 · medium · 5.3 · Exposure of Sensitive Information to an Unauthorized Actor

Barcode Scanner with Inventory & Order Manager <= 1.5.4 - Unauthenticated Information Exposure

May 7, 2024 Patched in 1.5.5 (9d)
CVE-2024-34557 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Barcode Scanner with Inventory & Order Manager <= 1.5.4 - Cross-Site Request Forgery

May 7, 2024 Patched in 1.5.5 (9d)
CVE-2024-2661 · high · 8.8 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Barcode Scanner with Inventory & Order Manager <= 1.5.4 - Authenticated (Subscriber+) SQL Injection

Apr 30, 2024 Patched in 1.5.5 (3d)
CVE-2024-33565 · medium · 5.3 · Missing Authorization

Barcode Scanner with Inventory & Order Manager <= 1.5.3 - Missing Authorization

Apr 25, 2024 Patched in 1.5.4 (7d)
CVE-2024-33567 · critical · 9.8 · Improper Privilege Management

Barcode Scanner with Inventory & Order Manager <= 1.5.3 - Unauthenticated Privilege Escalation

Apr 25, 2024 Patched in 1.5.4 (7d)
CVE-2024-32589 · medium · 6.4 · Missing Authorization

Barcode Scanner with Inventory & Order Manager <= 1.5.3 - Missing Authorization

Apr 16, 2024 Patched in 1.5.4 (8d)
CVE-2024-27998 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Barcode Scanner with Inventory & Order Manager <= 1.5.3 - Reflected Cross-Site Scripting

Mar 15, 2024 Patched in 1.5.4 (6d)
CVE-2023-52221 · critical · 9.8 · Unrestricted Upload of File with Dangerous Type

Barcode Scanner with Inventory & Order Manager <= 1.5.1 - Unauthenticated Arbitrary File Upload via uploadFile

Jan 8, 2024 Patched in 1.5.2 (15d)
CVE-2023-52215 · critical · 9.8 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Barcode Scanner with Inventory & Order Manager <= 1.5.1 - Unauthenticated SQL Injection via userToken

Jan 8, 2024 Patched in 1.5.2 (15d)
Code Analysis
Analyzed Mar 16, 2026

Barcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS (Point of Sale) Code Analysis

  • Dangerous Functions: 3
  • Raw SQL Queries: 61 (126 prepared)
  • Unescaped Output: 413 (704 escaped)
  • Nonce Checks: 1
  • Capability Checks: 1
  • File Operations: 17
  • External Requests: 1
  • Bundled Libraries: 1

Dangerous Functions Found

  • unserialize · request.php:70 · `$availablePlugins = $option && $option->option_value ? unserialize($option->option_value) : array();`
  • unserialize · src\API\classes\Polylang.php:34 · `$ids = @unserialize($postTranslations[0]->description);`
  • unserialize · src\features\updater\WpAutoUpdate.php:149 · `$serverData = @unserialize($request['body']);`

Bundled Libraries

jQuery

SQL Query Safety

67% prepared · 187 total queries

Output Escaping

63% escaped · 1117 total outputs
Data Flows
6 unsanitized

Data Flow Analysis

10 flows · 6 with unsanitized paths
handleConfigs (src\Core.php:572)
Attack Surface
6 unprotected

Barcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS (Point of Sale) Attack Surface

Entry Points: 10
Unprotected: 6

AJAX Handlers 6

auth wp_ajax_usbs_auth src\Core.php:213
nopriv wp_ajax_usbs_auth src\Core.php:214
auth wp_ajax_usbs_auth_otp src\Core.php:215
nopriv wp_ajax_usbs_auth_otp src\Core.php:216
auth wp_ajax_usbs_auth_link src\Core.php:217
nopriv wp_ajax_usbs_auth_link src\Core.php:218

Shortcodes 4

[barcode-scanner-popup] src\features\frontend\Frontend.php:121
[barcode-scanner-popup] src\features\frontend\Frontend.php:126
[barcode-scanner-popup] src\features\frontend\Frontend.php:131
[barcode-scanner-popup] src\features\frontend\Frontend.php:135

WordPress Hooks 115

filter wpss_misc_form_spam_check_bypass barcode-scanner.php:48
action wpmu_new_blog barcode-scanner.php:59
action init barcode-scanner.php:67
filter option_active_plugins request.php:108
filter site_option_active_plugins request.php:109
filter active_plugins request.php:110
filter option_woocommerce_new_order_settings src\API\actions\CartScannerActions.php:1349
filter option_woocommerce_cancelled_order_settings src\API\actions\CartScannerActions.php:1350
filter option_woocommerce_failed_order_settings src\API\actions\CartScannerActions.php:1351
filter option_woocommerce_dokan_vendor_new_order_settings src\API\actions\CartScannerActions.php:1352
filter option_woocommerce_dokan_vendor_completed_order_settings src\API\actions\CartScannerActions.php:1353
filter woocommerce_email_enabled_new_order src\API\actions\CartScannerActions.php:1355
filter option_woocommerce_customer_processing_order_settings src\API\actions\CartScannerActions.php:1365
filter option_woocommerce_customer_completed_order_settings src\API\actions\CartScannerActions.php:1366
filter option_woocommerce_customer_on_hold_order_settings src\API\actions\CartScannerActions.php:1367
filter option_woocommerce_customer_refunded_order_settings src\API\actions\CartScannerActions.php:1368
filter option_woocommerce_customer_note_settings src\API\actions\CartScannerActions.php:1369
filter option_woocommerce_customer_reset_password_settings src\API\actions\CartScannerActions.php:1370
filter option_woocommerce_customer_new_account_settings src\API\actions\CartScannerActions.php:1371
filter option_woocommerce_lmfwc_email_customer_deliver_license_keys_settings src\API\actions\CartScannerActions.php:1372
filter option_woocommerce_customer_paid_for_order_settings src\API\actions\CartScannerActions.php:1373
filter woocommerce_email_enabled_customer_processing_order src\API\actions\CartScannerActions.php:1375
filter scanner_fulfillment_step src\API\actions\OrdersActions.php:124
filter scanner_filter_cart_item_price src\API\AjaxRoutes.php:39
action init src\API\classes\Integrations.php:19
action init src\API\classes\Integrations.php:21
action init src\API\classes\Integrations.php:24
action init src\API\classes\Integrations.php:25
action init src\API\classes\Integrations.php:27
action init src\API\classes\Integrations.php:29
action init src\API\classes\Integrations.php:31
action init src\API\classes\Integrations.php:33
action init src\API\classes\Integrations.php:35
action init src\API\classes\Integrations.php:37
filter scanner_search_result src\API\classes\Integrations.php:44
filter barcode_scanner_wholesale_multi_user_pricing_get_after src\API\classes\Integrations.php:69
filter barcode_scanner_wholesale_multi_user_pricing_set_after src\API\classes\Integrations.php:102
filter barcode_scanner_atum_supplier_sku_get_after src\API\classes\Integrations.php:139
filter barcode_scanner_atum_supplier_sku_set_after src\API\classes\Integrations.php:154
filter barcode_scanner_atum_barcode_get_after src\API\classes\Integrations.php:175
filter barcode_scanner_atum_barcode_set_after src\API\classes\Integrations.php:190
filter barcode_scanner_atum_purchase_price_get_after src\API\classes\Integrations.php:211
filter barcode_scanner_atum_purchase_price_set_after src\API\classes\Integrations.php:226
filter scanner_dropdown_atum_supplier_id_options src\API\classes\Integrations.php:249
filter barcode_scanner_atum_supplier_id_get_after src\API\classes\Integrations.php:266
filter barcode_scanner_atum_supplier_id_set_after src\API\classes\Integrations.php:281
filter scanner_search_result src\API\classes\Integrations.php:317
action scanner_product_fields_filter src\API\classes\Integrations.php:333
filter scanner_search_result src\API\classes\Integrations.php:358
action barcode_scanner__dokan_vendor_set_after src\API\classes\Integrations.php:372
filter barcode_scanner_user_fields src\API\classes\Integrations.php:494
action scanner_search_result src\API\classes\Integrations.php:545
action barcode_scanner__sale_price_dates_from_set_after src\API\classes\Integrations.php:563
action barcode_scanner__sale_price_dates_to_set_after src\API\classes\Integrations.php:571
filter wf_pklist_modify_meta_data src\API\classes\Integrations.php:582
action rest_api_init src\Core.php:59
action wp_enqueue_media src\Core.php:68
action init src\Core.php:75
action init src\Core.php:77
action admin_menu src\Core.php:80
action admin_menu src\Core.php:81
action init src\Core.php:84
action shutdown src\Core.php:98
action updated_post_meta src\Core.php:104
action woocommerce_save_product_variation src\Core.php:116
action transition_post_status src\Core.php:120
action wp_insert_post src\Core.php:127
action init src\Core.php:133
filter woocommerce_order_item_get_formatted_meta_data src\Core.php:159
filter woocommerce_quantity_input_min src\Core.php:171
filter woocommerce_quantity_input_step src\Core.php:175
filter woocommerce_order_item_get_quantity src\Core.php:179
action init src\Core.php:220
filter user_has_cap src\Core.php:225
action admin_enqueue_scripts src\Core.php:255
action init src\Core.php:266
action init src\features\admin\Admin.php:14
action admin_bar_menu src\features\admin\Admin.php:31
filter woocommerce_product_export_column_names src\features\export\Export.php:12
filter woocommerce_product_export_product_default_columns src\features\export\Export.php:13
filter woocommerce_product_export_product_column_usbs_barcode_field src\features\export\Export.php:14
action init src\features\export\Export.php:16
filter woocommerce_product_export_product_default_columns src\features\export\Export.php:41
filter woocommerce_account_menu_items src\features\frontend\Frontend.php:55
action wp_enqueue_scripts src\features\frontend\Frontend.php:58
action wp_enqueue_scripts src\features\frontend\Frontend.php:79
filter init src\features\frontend\FrontendRouter.php:31
filter show_admin_bar src\features\frontend\FrontendRouter.php:81
filter woocommerce_csv_product_import_mapping_options src\features\import\Import.php:14
filter woocommerce_csv_product_import_mapping_default_columns src\features\import\Import.php:15
filter woocommerce_product_import_inserted_product_object src\features\import\Import.php:16
action admin_notices src\features\indexedData\IndexedData.php:14
action init src\features\locations\Locations.php:20
action save_post src\features\locations\Locations.php:23
action woocommerce_variation_options_pricing src\features\locations\Locations.php:24
action woocommerce_save_product_variation src\features\locations\Locations.php:25
action add_meta_boxes src\features\locations\Locations.php:42
filter init src\features\mobile\MobileRouter.php:31
action init src\features\orders\Orders.php:15
action admin_head src\features\orders\Orders.php:22
action manage_shop_order_posts_custom_column src\features\orders\Orders.php:23
action woocommerce_shop_order_list_table_custom_column src\features\orders\Orders.php:24
action init src\features\products\Products.php:16
action woocommerce_product_options_sku src\features\products\Products.php:31
action woocommerce_process_product_meta src\features\products\Products.php:32
action woocommerce_variation_options_pricing src\features\products\Products.php:34
action woocommerce_save_product_variation src\features\products\Products.php:35
action pre_get_posts src\features\products\Products.php:37
action init src\features\updater\Updater.php:16
filter site_transient_update_plugins src\features\updater\WpAutoUpdate.php:34
filter plugins_api src\features\updater\WpAutoUpdate.php:37
action admin_init src\features\updater\WpAutoUpdate.php:39
action admin_notices src\features\updater\WpAutoUpdate.php:95
action plugins_loaded src\PaymentCashCashier.php:3
filter woocommerce_payment_gateways src\PaymentCashCashier.php:73
Maintenance & Trust

Barcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS (Point of Sale) Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Nov 7, 2025
PHP min version: 7.2
Downloads: 39K

Community Trust

Rating: 100/100
Number of ratings: 52
Active installs: 1K
Developer Profile

Barcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS (Point of Sale) Developer Profile

Dmitry V. (CEO of "UKR Solution")

5 plugins · 3K total installs

Trust score: 89
Avg Security Score: 93/100
Avg Patch Time: 18 days
Detection Fingerprints

How We Detect Barcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS (Point of Sale)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/assets/css/barcode-scanner-lite-pos.css
  • /wp-content/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/assets/css/backend.css
  • /wp-content/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/assets/css/frontend.css
  • /wp-content/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/assets/css/loading.css
  • /wp-content/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/assets/js/barcode-scanner-lite-pos.js
  • /wp-content/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/assets/js/backend.js
  • /wp-content/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/assets/js/frontend.js
  • /wp-content/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/assets/js/settings.js
Script Paths
  • vendor/ckeditor/ckeditor/ckeditor.js
  • assets/js/frontend.js
  • assets/js/backend.js
  • assets/js/settings.js
  • assets/js/barcode-scanner-lite-pos.js
Version Parameters
  • /wp-content/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/assets/css/barcode-scanner-lite-pos.css?ver=
  • /wp-content/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/assets/css/backend.css?ver=
  • /wp-content/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/assets/css/frontend.css?ver=
  • /wp-content/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/assets/css/loading.css?ver=
  • /wp-content/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/assets/js/barcode-scanner-lite-pos.js?ver=
  • /wp-content/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/assets/js/backend.js?ver=
  • /wp-content/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/assets/js/frontend.js?ver=
  • /wp-content/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/assets/js/settings.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • usbs-main-wrapper
  • usbs-scanner-wrapper
  • usbs-barcode-scanner-btn
HTML Comments
  • <!-- USBS-SCANNER-HTML-START -->
  • <!-- USBS-SCANNER-HTML-END -->
Data Attributes
  • data-usbs-action
  • data-usbs-id
  • data-usbs-role
JS Globals
  • usbs_backend_params
  • usbs_frontend_params
  • usbs_settings_params
REST Endpoints
  • /wp-json/us-barcode-scanner/v1/products
  • /wp-json/us-barcode-scanner/v1/orders
  • /wp-json/us-barcode-scanner/v1/locations
  • /wp-json/us-barcode-scanner/v1/logs
  • /wp-json/us-barcode-scanner/v1/settings
  • /wp-json/us-barcode-scanner/v1/scanner
  • /wp-json/us-barcode-scanner/v1/sync
FAQ

Frequently Asked Questions about Barcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS (Point of Sale)