ConnectPOS | Point of Sale for WooCommerce Security & Risk Analysis

wordpress.org/plugins/connectpos-pos-system-for-woocommerce

ConnectPOS is a global-awarded Point of Sale (POS) tailor-made for WooCommerce users in Fashion industry. We are the Bronze winner of 2021 Stevie Awar …

80 active installs · v25.03.03 · PHP 7.0+ · WP 5.4.0+ · Updated Mar 3, 2025
Tags: fashion-pos, point-of-sale, pos-for-woocommerce, pos-plugin, woocommerce-pos
Score: 92 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is ConnectPOS | Point of Sale for WooCommerce Safe to Use in 2026?

Generally Safe

Score 92/100

ConnectPOS | Point of Sale for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1yr ago
Risk Assessment

The plugin "connectpos-pos-system-for-woocommerce" v25.03.03 exhibits a mixed security posture. On the positive side, the code shows good practices regarding SQL query handling, exclusively using prepared statements, and no critical or high-severity taint flows were identified, indicating a lack of obvious code injection or cross-site scripting vulnerabilities arising from complex data manipulation. Furthermore, there is no recorded vulnerability history, which is a strong indicator of a relatively stable and secure codebase over time.

However, significant concerns arise from the attack surface analysis. All seven REST API routes lack permission callbacks, meaning they are accessible and executable by any user, regardless of their role or logged-in status. This creates a substantial risk for unauthorized data access, manipulation, or unintended actions if these endpoints are not properly secured by other means within the WordPress environment. The absence of nonce checks and capability checks further exacerbates this risk, as there are no built-in mechanisms to verify user authorization for these entry points. The presence of file operations without further context is also a minor concern, although the absence of reported vulnerabilities and taint flows suggests it may not be exploitable in this version.

In conclusion, while the plugin demonstrates strengths in SQL security and a clean vulnerability history, the extensive unprotected REST API endpoints present a critical security weakness. This makes the plugin vulnerable to unauthorized access and potential misuse. Remediation efforts should focus immediately on implementing proper authorization checks for all exposed REST API routes.

Key Concerns

  • REST API routes without permission callbacks
  • No nonce checks
  • No capability checks
  • Unescaped output (4 of 18 outputs unescaped; 78% escaped)
Vulnerabilities
None known

ConnectPOS | Point of Sale for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

ConnectPOS | Point of Sale for WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (4 prepared)
Unescaped Output: 4 (14 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 1
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared · 4 total queries

Output Escaping

78% escaped · 18 total outputs
Attack Surface
7 unprotected

ConnectPOS | Point of Sale for WooCommerce Attack Surface

Entry Points: 7
Unprotected: 7

REST API Routes: 7

GET /wp-json/wc/v3/roles (Integration\Cpos_Customer.php:45)
GET /wp-json/wc/v3/gift-card (Integration\Cpos_GiftCard.php:35)
GET /wp-json/wc/v3/order-refunds (Integration\Cpos_Order.php:108)
GET /wp-json/wc/v3/myparcel-export (Integration\Cpos_Order.php:124)
GET /wp-json/wc/v3/reward-points-options (Integration\Cpos_RewardPoint.php:46)
GET /wp-json/wc/v3/reward-points/adjust (Integration\Cpos_RewardPoint.php:66)
GET /wp-json/wc/v3/timezone (Integration\Cpos_WordPress.php:31)
WordPress Hooks: 51

action activated_plugin (admin\Cpos_Settings.php:41)
action admin_head (admin\Cpos_Settings.php:42)
action admin_menu (admin\Cpos_Settings.php:84)
filter woocommerce_adjust_non_base_location_prices (includes\ConnectPOS.php:28)
filter woocommerce_order_hide_zero_taxes (includes\ConnectPOS.php:30)
filter woocommerce_rest_customer_query (Integration\Cpos_Customer.php:30)
action user_register (Integration\Cpos_Customer.php:31)
action woocommerce_new_customer (Integration\Cpos_Customer.php:32)
action woocommerce_update_customer (Integration\Cpos_Customer.php:33)
action rest_api_init (Integration\Cpos_Customer.php:34)
action rest_api_init (Integration\Cpos_Customer.php:44)
action rest_api_init (Integration\Cpos_GiftCard.php:34)
action woocommerce_order_after_calculate_totals (Integration\Cpos_Order.php:76)
action woocommerce_update_order (Integration\Cpos_Order.php:79)
action woocommerce_order_status_changed (Integration\Cpos_Order.php:82)
action woocommerce_new_order (Integration\Cpos_Order.php:84)
filter woocommerce_hidden_order_itemmeta (Integration\Cpos_Order.php:87)
action woocommerce_before_order_itemmeta (Integration\Cpos_Order.php:89)
filter woocommerce_order_item_display_meta_key (Integration\Cpos_Order.php:91)
filter rest_request_before_callbacks (Integration\Cpos_Order.php:94)
filter woocommerce_find_rates (Integration\Cpos_Order.php:96)
action woocommerce_before_order_object_save (Integration\Cpos_Order.php:98)
action woocommerce_order_before_calculate_totals (Integration\Cpos_Order.php:100)
filter woocommerce_prices_include_tax (Integration\Cpos_Order.php:102)
filter woocommerce_rest_prepare_shop_order_refund_object (Integration\Cpos_Order.php:104)
action rest_api_init (Integration\Cpos_Order.php:107)
action wp_loaded (Integration\Cpos_Order.php:117)
action woocommerce_admin_order_totals_after_total (Integration\Cpos_Order.php:118)
action woocommerce_rest_insert_shop_order_object (Integration\Cpos_Order.php:119)
action rest_api_init (Integration\Cpos_Order.php:123)
filter wpo_wcpdf_guest_access_enabled (Integration\Cpos_Order.php:131)
filter wpo_wcpdf_check_privs (Integration\Cpos_Order.php:132)
filter wc_myparcel_check_privs (Integration\Cpos_Order.php:133)
filter woocommerce_email_setup_locale (Integration\Cpos_Order.php:486)
filter plugin_locale (Integration\Cpos_Order.php:495)
filter locale (Integration\Cpos_Order.php:496)
filter manage_edit-shop_order_columns (Integration\Cpos_Order.php:739)
action manage_shop_order_posts_custom_column (Integration\Cpos_Order.php:740)
action manage_shop_order_posts_custom_column (Integration\Cpos_Order.php:741)
action manage_shop_order_posts_custom_column (Integration\Cpos_Order.php:742)
action rest_api_init (Integration\Cpos_OrderStatus.php:45)
action rest_api_init (Integration\Cpos_Polylang.php:35)
filter woocommerce_rest_product_object_query (Integration\Cpos_Product.php:36)
filter woocommerce_rest_prepare_product_object (Integration\Cpos_Product.php:38)
filter woocommerce_rest_prepare_product_variation_object (Integration\Cpos_Product.php:40)
filter woocommerce_rest_prepare_shop_order_object (Integration\Cpos_Product.php:42)
filter woocommerce_rest_prepare_shop_order_refund_object (Integration\Cpos_Product.php:44)
action rest_api_init (Integration\Cpos_RewardPoint.php:45)
action rest_api_init (Integration\Cpos_RewardPoint.php:54)
action rest_api_init (Integration\Cpos_RewardPoint.php:65)
action rest_api_init (Integration\Cpos_WordPress.php:30)
Maintenance & Trust

ConnectPOS | Point of Sale for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Mar 3, 2025
PHP min version: 7.0
Downloads: 11K

Community Trust

Rating: 92/100
Number of ratings: 20
Active installs: 80
Developer Profile

ConnectPOS | Point of Sale for WooCommerce Developer Profile

connectretail

1 plugin · 80 total installs

Trust score: 88
Avg Security Score: 92/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect ConnectPOS | Point of Sale for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/connectpos-pos-system-for-woocommerce/connectpos.php
/wp-content/plugins/connectpos-pos-system-for-woocommerce/includes/ConnectPOS.php
/wp-content/plugins/connectpos-pos-system-for-woocommerce/Helper/Cpos_Database.php
/wp-content/plugins/connectpos-pos-system-for-woocommerce/Integration/Cpos_Integrate.php
/wp-content/plugins/connectpos-pos-system-for-woocommerce/admin/Cpos_Settings.php
/wp-content/plugins/connectpos-pos-system-for-woocommerce/Integration/Cpos_Customer.php
/wp-content/plugins/connectpos-pos-system-for-woocommerce/Integration/Cpos_GiftCard.php

HTML / DOM Fingerprints

REST Endpoints
/wp-json/wc/v3/roles
/wp-json/wc/v3/gift-card
FAQ

Frequently Asked Questions about ConnectPOS | Point of Sale for WooCommerce