Multipurpose – Point of Sale for WooCommerce Security & Risk Analysis

wordpress.org/plugins/multipurpose-point-of-sale-for-woocommerce

Multipurpose-Point of Sale plugin for WooCommerce! Sell online and in your physical retail store - no monthly fees, no need to sync inventory.

0 active installs · v2.0 · PHP 7.2+ · WP 5.6+ · Updated: Unknown
Tags: cart, e-commerce, ecommerce, inventory, point-of-sale
Score: 100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Multipurpose – Point of Sale for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Multipurpose – Point of Sale for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The "multipurpose-point-of-sale-for-woocommerce" plugin, version 2.0, exhibits a concerning security posture primarily due to a significantly large and entirely unprotected attack surface. With 56 AJAX handlers, none of which implement authentication or capability checks, there is a high likelihood of unauthorized access to sensitive functionalities. While the static analysis shows good practices in other areas such as SQL query preparation (88%) and output escaping (98%), these strengths are overshadowed by the critical vulnerability in access control for AJAX endpoints. The taint analysis reveals 4 high-severity flows with unsanitized paths, indicating potential for exploitation through improper handling of user-supplied data in these exposed AJAX actions.

The plugin's vulnerability history is notably clean, with no recorded CVEs. This may reflect past security diligence, or it may reflect less rigorous security testing in the past; either way, it should not instill complacency given the current findings. The complete lack of vulnerability history, combined with the current high-severity taint flows and the massive unprotected AJAX surface, suggests a potential for undiscovered vulnerabilities that could be easily triggered. In conclusion, while the plugin demonstrates good code hygiene in areas like SQL and output escaping, the critical weakness in securing its AJAX endpoints presents a significant risk that needs immediate attention.

Key Concerns

  • 56 AJAX handlers without auth checks
  • 4 high severity taint flows with unsanitized paths
  • 0 Nonce checks on AJAX handlers
  • 1 Capability check found
Vulnerabilities
None known

Multipurpose – Point of Sale for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Multipurpose – Point of Sale for WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 8 (56 prepared)
Unescaped Output: 33 (1326 escaped)
Nonce Checks: 0
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

88% prepared · 64 total queries

Output Escaping

98% escaped · 1359 total outputs
Data Flows
6 unsanitized

Data Flow Analysis

10 flows · 6 with unsanitized paths
tmdpos_order_print (include\tmd-pos-ajax.php:598)
Attack Surface
56 unprotected

Multipurpose – Point of Sale for WooCommerce Attack Surface

Entry Points: 56
Unprotected: 56

AJAX Handlers: 56

Type · Hook · Location
auth · wp_ajax_tmdpos_varaiation_filter · include\tmd-pos-ajax.php:14
nopriv · wp_ajax_tmdpos_varaiation_filter · include\tmd-pos-ajax.php:15
auth · wp_ajax_tmdpos_cart_session · include\tmd-pos-ajax.php:63
nopriv · wp_ajax_tmdpos_cart_session · include\tmd-pos-ajax.php:64
auth · wp_ajax_tmdpos_update_cart · include\tmd-pos-ajax.php:91
nopriv · wp_ajax_tmdpos_update_cart · include\tmd-pos-ajax.php:92
auth · wp_ajax_tmdpos_cart_checkout · include\tmd-pos-ajax.php:143
nopriv · wp_ajax_tmdpos_cart_checkout · include\tmd-pos-ajax.php:144
auth · wp_ajax_tmdpos_remove_cart_items · include\tmd-pos-ajax.php:183
nopriv · wp_ajax_tmdpos_remove_cart_items · include\tmd-pos-ajax.php:184
auth · wp_ajax_tmdpos_clear_cart_items · include\tmd-pos-ajax.php:199
nopriv · wp_ajax_tmdpos_clear_cart_items · include\tmd-pos-ajax.php:200
auth · wp_ajax_tmdpos_order_now · include\tmd-pos-ajax.php:214
nopriv · wp_ajax_tmdpos_order_now · include\tmd-pos-ajax.php:215
auth · wp_ajax_tmdpos_filter_product_by_cat · include\tmd-pos-ajax.php:367
nopriv · wp_ajax_tmdpos_filter_product_by_cat · include\tmd-pos-ajax.php:368
auth · wp_ajax_tmdpos_order_print · include\tmd-pos-ajax.php:596
nopriv · wp_ajax_tmdpos_order_print · include\tmd-pos-ajax.php:597
auth · wp_ajax_tmdpos_get_country · include\tmd-pos-ajax.php:1254
nopriv · wp_ajax_tmdpos_get_country · include\tmd-pos-ajax.php:1255
auth · wp_ajax_tmdpos_get_state · include\tmd-pos-ajax.php:1275
nopriv · wp_ajax_tmdpos_get_state · include\tmd-pos-ajax.php:1276
auth · wp_ajax_tmd_save_customer_data · include\tmd-pos-ajax.php:1298
nopriv · wp_ajax_tmd_save_customer_data · include\tmd-pos-ajax.php:1299
auth · wp_ajax_tmdpos_update_order_form · include\tmd-pos-ajax.php:1341
nopriv · wp_ajax_tmdpos_update_order_form · include\tmd-pos-ajax.php:1342
auth · wp_ajax_tmdpos_update_order · include\tmd-pos-ajax.php:1425
nopriv · wp_ajax_tmdpos_update_order · include\tmd-pos-ajax.php:1426
auth · wp_ajax_tmdpos_order_print_from_list · include\tmd-pos-ajax.php:1452
nopriv · wp_ajax_tmdpos_order_print_from_list · include\tmd-pos-ajax.php:1453
auth · wp_ajax_tmdpos_stock_in · include\tmd-pos-ajax.php:2032
nopriv · wp_ajax_tmdpos_stock_in · include\tmd-pos-ajax.php:2033
auth · wp_ajax_tmdpos_stock_update · include\tmd-pos-ajax.php:2081
nopriv · wp_ajax_tmdpos_stock_update · include\tmd-pos-ajax.php:2082
auth · wp_ajax_tmdpos_apply_coupon · include\tmd-pos-ajax.php:2099
nopriv · wp_ajax_tmdpos_apply_coupon · include\tmd-pos-ajax.php:2100
auth · wp_ajax_tmdpos_hold_order · include\tmd-pos-ajax.php:2213
nopriv · wp_ajax_tmdpos_hold_order · include\tmd-pos-ajax.php:2214
auth · wp_ajax_tmdpos_hold_order_to_cart · include\tmd-pos-ajax.php:2245
nopriv · wp_ajax_tmdpos_hold_order_to_cart · include\tmd-pos-ajax.php:2246
auth · wp_ajax_tmdpos_sale_report_print · include\tmd-pos-ajax.php:2281
nopriv · wp_ajax_tmdpos_sale_report_print · include\tmd-pos-ajax.php:2282
auth · wp_ajax_tmdpos_product_filter_by_name_sku · include\tmd-pos-ajax.php:2342
nopriv · wp_ajax_tmdpos_product_filter_by_name_sku · include\tmd-pos-ajax.php:2343
auth · wp_ajax_tmdpos_load_more_product · include\tmd-pos-ajax.php:2590
nopriv · wp_ajax_tmdpos_load_more_product · include\tmd-pos-ajax.php:2591
auth · wp_ajax_tmd_pos_user_login · include\tmd-pos-ajax.php:2819
nopriv · wp_ajax_tmd_pos_user_login · include\tmd-pos-ajax.php:2820
auth · wp_ajax_tmdpos_layout_two_product_filter_by_name_sku · include\tmd-pos-ajax.php:2856
nopriv · wp_ajax_tmdpos_layout_two_product_filter_by_name_sku · include\tmd-pos-ajax.php:2857
auth · wp_ajax_tmdpos_layout_two_product_filter_by_category · include\tmd-pos-ajax.php:3089
nopriv · wp_ajax_tmdpos_layout_two_product_filter_by_category · include\tmd-pos-ajax.php:3090
auth · wp_ajax_tmdpos_layout_two_load_more · include\tmd-pos-ajax.php:3307
nopriv · wp_ajax_tmdpos_layout_two_load_more · include\tmd-pos-ajax.php:3308
auth · wp_ajax_tmdpos_layout_two_customer_search · include\tmd-pos-ajax.php:3514
nopriv · wp_ajax_tmdpos_layout_two_customer_search · include\tmd-pos-ajax.php:3515

WordPress Hooks: 21

Type · Hook · Location
action · admin_menu · include\class-tmdpos-init.php:21
action · wp_enqueue_scripts · include\class-tmdpos-init.php:24
action · admin_enqueue_scripts · include\class-tmdpos-init.php:27
action · admin_init · include\class-tmdpos-init.php:30
action · wp_logout · include\class-tmdpos-init.php:33
action · admin_init · include\class-tmdpos-init.php:36
action · admin_init · include\class-tmdpos-init.php:39
filter · page_template · include\class-tmdpos-init.php:42
action · admin_init · include\class-tmdpos-init.php:45
filter · admin_footer_text · include\class-tmdpos-init.php:177
filter · update_footer · include\class-tmdpos-init.php:178
action · admin_init · include\class-tmdpos-savedata.php:15
action · admin_init · include\class-tmdpos-savedata.php:17
action · admin_init · include\class-tmdpos-savedata.php:19
action · admin_init · include\class-tmdpos-savedata.php:21
action · admin_init · include\class-tmdpos-savedata.php:23
action · init · include\tmd-pos-class\class-tmd-pos-gateway.php:10
filter · woocommerce_payment_gateways · include\tmd-pos-class\class-tmd-pos-gateway.php:36
action · init · include\tmd-pos-class\class-tmd-pos-gateway.php:43
filter · woocommerce_payment_gateways · include\tmd-pos-class\class-tmd-pos-gateway.php:69
action · admin_notices · multipurpose-point-of-sale-for-woocommerce.php:45
Maintenance & Trust

Multipurpose – Point of Sale for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.6.5
Last updated: Unknown
PHP min version: 7.2
Downloads: 773

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 0
Developer Profile

Multipurpose – Point of Sale for WooCommerce Developer Profile

Ashwani kumar

3 plugins · 60 total installs

Trust score: 85
Avg Security Score: 87/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Multipurpose – Point of Sale for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/multipurpose-point-of-sale-for-woocommerce/assets/css/pos-admin.min.css
/wp-content/plugins/multipurpose-point-of-sale-for-woocommerce/assets/css/data-table.min.css
/wp-content/plugins/multipurpose-point-of-sale-for-woocommerce/assets/js/graph-canvas.min.js
/wp-content/plugins/multipurpose-point-of-sale-for-woocommerce/assets/js/admin-script.js
/wp-content/plugins/multipurpose-point-of-sale-for-woocommerce/assets/js/data-table.min.js
/wp-content/plugins/multipurpose-point-of-sale-for-woocommerce/assets/css/pos-front-min.css
/wp-content/plugins/multipurpose-point-of-sale-for-woocommerce/assets/js/front-script.js
/wp-content/plugins/multipurpose-point-of-sale-for-woocommerce/assets/js/ajax.js

HTML / DOM Fingerprints

CSS Classes
tmdpos-admin-style
tmdpos-data-table
tmdpos-graph-minjs
tmdpos-admin-script
tmdpos-datatable-js
tmdpos-front
tmdpos-front-script
tmdpos-ajax
Data Attributes
tmd_pos
JS Globals
tmd_ajax_url