Vitepos – Point of Sale (POS) for WooCommerce Security & Risk Analysis

wordpress.org/plugins/vitepos-lite

Fast, modern WooCommerce POS plugin for managing sales, outlets, and cashiers directly in WordPress.

2K active installs · v3.3.4 · PHP 7.2+ · WP 5.2+ · Updated Mar 5, 2026
Tags: point-of-sale, pos, pos-plugin, store, woocommerce-pos

Score: 92 (A · Safe)
CVEs total: 5
Unpatched: 0
Last CVE: Nov 20, 2025

Safety Verdict

Is Vitepos – Point of Sale (POS) for WooCommerce Safe to Use in 2026?

Generally Safe

Score 92/100

Vitepos – Point of Sale (POS) for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

5 known CVEs · Last CVE: Nov 20, 2025 · Updated 29d ago

Risk Assessment

The "vitepos-lite" v3.3.4 plugin exhibits a mixed security posture. While it demonstrates good practices in output escaping (99%) and utilizes prepared statements for a significant portion of its SQL queries (42%), there are several concerning areas. The attack surface is substantial, with 77 out of 80 entry points lacking permission callbacks, indicating a high risk of unauthorized access and manipulation of plugin functionalities through REST API endpoints. The presence of the `unserialize` function without explicit sanitization is a critical red flag, as it can lead to object injection vulnerabilities if user-supplied data is passed to it.

Key Concerns

  • Massive REST API attack surface without authorization
  • Unserialized data without sanitization
  • High number of total CVEs historically
  • Vulnerabilities in common types (Auth, Upload)
  • Some SQL queries not using prepared statements
  • Limited nonce checks on AJAX
Vulnerabilities
5

Vitepos – Point of Sale (POS) for WooCommerce Security Vulnerabilities

CVEs by Year

2024: 1 CVE
2025: 4 CVEs

Severity Breakdown

High: 1
Medium: 4

5 total CVEs

CVE-2025-13156 · high · 8.8 · Unrestricted Upload of File with Dangerous Type

Vitepos – Point of Sale (POS) for WooCommerce <= 3.3.0 - Authenticated (Subscriber+) Arbitrary File Upload to Remote Code Execution

Nov 20, 2025 · Patched in 3.3.1 (1d)

CVE-2025-39535 · medium · 4.3 · Missing Authorization

Vitepos <= 3.1.7 - Missing Authorization

Apr 17, 2025 · Patched in 3.1.8 (5d)

CVE-2025-22277 · medium · 5.3 · Missing Authorization

Vitepos <= 3.1.4 - Missing Authorization

Mar 31, 2025 · Patched in 3.1.5 (9d)

CVE-2025-26750 · medium · 4.3 · Missing Authorization

Vitepos – Point of sale (POS) <= 3.1.3 - Missing Authorization

Feb 14, 2025 · Patched in 3.1.4 (11d)

CVE-2024-33574 · medium · 4.3 · Missing Authorization

Vitepos <= 3.0.1 - Missing Authorization

Apr 25, 2024 · Patched in 3.0.2 (7d)

Code Analysis
Analyzed Mar 16, 2026

Vitepos – Point of Sale (POS) for WooCommerce Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 11 (8 prepared)
Unescaped Output: 3 (212 escaped)
Nonce Checks: 5
Capability Checks: 53
File Operations: 2
External Requests: 1
Bundled Libraries: 0

Dangerous Functions Found

unserialize · $field->options = unserialize( $field->options ); · vitepos_lite\modules\class-pos-settings.php:956

SQL Query Safety

42% prepared · 19 total queries

Output Escaping

99% escaped · 215 total outputs

Attack Surface
77 unprotected

Vitepos – Point of Sale (POS) for WooCommerce Attack Surface

Entry Points: 80
Unprotected: 77

AJAX Handlers 3

auth · wp_ajax_vtp_dci_sdk_insights · dci\class-vtp-insights-sdk.php:96
auth · wp_ajax_vtp_dci_sdk_dismiss_notice · dci\class-vtp-insights-sdk.php:97
auth · wp_ajax_vtp_dci_sdk_insights_deactivate_feedback · dci\class-vtp-insights-sdk.php:98

REST API Routes 77

GET /wp-json/GETheart-bit · vitepos_lite\api\v1\class-heartbit-api.php:42
GET /wp-json/GETsettings · vitepos_lite\api\v1\class-pos-api-config.php:42
GET /wp-json/GETcountries · vitepos_lite\api\v1\class-pos-api-config.php:43
GET /wp-json/postlist · vitepos_lite\api\v1\class-pos-customer-api.php:46
GET /wp-json/POSTcreate · vitepos_lite\api\v1\class-pos-customer-api.php:47
GET /wp-json/POSTcheck-unique · vitepos_lite\api\v1\class-pos-customer-api.php:48
GET /wp-json/POSTcustomer-list · vitepos_lite\api\v1\class-pos-customer-api.php:49
GET /wp-json/POSTdelete-customer · vitepos_lite\api\v1\class-pos-customer-api.php:50
GET /wp-json/GETdetails/(?P<id>\d+) · vitepos_lite\api\v1\class-pos-customer-api.php:51
GET /wp-json/POSTmake-payment · vitepos_lite\api\v1\class-pos-order-api.php:47
GET /wp-json/POSTorder-list · vitepos_lite\api\v1\class-pos-order-api.php:48
GET /wp-json/GETdetails/(?P<id>\d+) · vitepos_lite\api\v1\class-pos-order-api.php:49
GET /wp-json/GETemail/(?P<order_id>\d+) · vitepos_lite\api\v1\class-pos-order-api.php:50
GET /wp-json/GETlist · vitepos_lite\api\v1\class-pos-outlet-api.php:49
GET /wp-json/GETall-outlet-list · vitepos_lite\api\v1\class-pos-outlet-api.php:50
GET /wp-json/GETcash-drawer-info · vitepos_lite\api\v1\class-pos-outlet-api.php:51
GET /wp-json/POSTcash-drawer-log · vitepos_lite\api\v1\class-pos-outlet-api.php:52
GET /wp-json/POSTwithdraw-cash · vitepos_lite\api\v1\class-pos-outlet-api.php:53
GET /wp-json/POSTclose-drawer · vitepos_lite\api\v1\class-pos-outlet-api.php:54
GET /wp-json/GETdetails/(?P<id>\d+) · vitepos_lite\api\v1\class-pos-outlet-api.php:55
GET /wp-json/GETsummary/(?P<id>\d+) · vitepos_lite\api\v1\class-pos-outlet-api.php:56
GET /wp-json/GETend-of-day-data/(?P<id>\d+) · vitepos_lite\api\v1\class-pos-outlet-api.php:57
GET /wp-json/POSTlist · vitepos_lite\api\v1\class-pos-product-api.php:45
GET /wp-json/POSTscan-product · vitepos_lite\api\v1\class-pos-product-api.php:46
GET /wp-json/POSTlist-variation · vitepos_lite\api\v1\class-pos-product-api.php:47
GET /wp-json/GETcategories · vitepos_lite\api\v1\class-pos-product-api.php:48
GET /wp-json/GETall-categories · vitepos_lite\api\v1\class-pos-product-api.php:49
GET /wp-json/GETall-taxes · vitepos_lite\api\v1\class-pos-product-api.php:50
GET /wp-json/GETattributes · vitepos_lite\api\v1\class-pos-product-api.php:51
GET /wp-json/GETgetStock/(?P<id>\d+) · vitepos_lite\api\v1\class-pos-product-api.php:52
GET /wp-json/GETdetails/(?P<id>\d+) · vitepos_lite\api\v1\class-pos-product-api.php:53
GET /wp-json/POSTget-all-categories · vitepos_lite\api\v1\class-pos-product-api.php:55
GET /wp-json/POSTadd-category · vitepos_lite\api\v1\class-pos-product-api.php:56
GET /wp-json/POSTupdate-category · vitepos_lite\api\v1\class-pos-product-api.php:57
GET /wp-json/POSTdelete-category · vitepos_lite\api\v1\class-pos-product-api.php:58
GET /wp-json/POSTget-category · vitepos_lite\api\v1\class-pos-product-api.php:59
GET /wp-json/POSTget-attributes · vitepos_lite\api\v1\class-pos-product-api.php:60
GET /wp-json/POSTadd-attribute · vitepos_lite\api\v1\class-pos-product-api.php:61
GET /wp-json/POSTget-attribute · vitepos_lite\api\v1\class-pos-product-api.php:62
GET /wp-json/POSTupdate-attribute · vitepos_lite\api\v1\class-pos-product-api.php:63
GET /wp-json/POSTdelete-attribute · vitepos_lite\api\v1\class-pos-product-api.php:64
GET /wp-json/POSTlist · vitepos_lite\api\v1\class-pos-purchase-api.php:47
GET /wp-json/POSTcreate · vitepos_lite\api\v1\class-pos-purchase-api.php:48
GET /wp-json/GETdetails/(?P<id>\d+) · vitepos_lite\api\v1\class-pos-purchase-api.php:49
GET /wp-json/POSTupdated-price-list · vitepos_lite\api\v1\class-pos-purchase-api.php:50
GET /wp-json/POSTsend-to-kitchen · vitepos_lite\api\v1\class-pos-restaurant-api.php:49
GET /wp-json/POSTstart-preparing · vitepos_lite\api\v1\class-pos-restaurant-api.php:50
GET /wp-json/POSTmake-served · vitepos_lite\api\v1\class-pos-restaurant-api.php:51
GET /wp-json/POSTdeny-order · vitepos_lite\api\v1\class-pos-restaurant-api.php:52
GET /wp-json/POSTcancel-order · vitepos_lite\api\v1\class-pos-restaurant-api.php:53
GET /wp-json/POSTcancel-order-request · vitepos_lite\api\v1\class-pos-restaurant-api.php:54
GET /wp-json/POSTcancel-request-ans · vitepos_lite\api\v1\class-pos-restaurant-api.php:55
GET /wp-json/POSTadd-kitchen-note · vitepos_lite\api\v1\class-pos-restaurant-api.php:56
GET /wp-json/POSTserved-list · vitepos_lite\api\v1\class-pos-restaurant-api.php:57
GET /wp-json/POSTcanned-message · vitepos_lite\api\v1\class-pos-restaurant-api.php:58
GET /wp-json/POSTsync-order-list · vitepos_lite\api\v1\class-pos-restaurant-api.php:59
GET /wp-json/POSTchange-status · vitepos_lite\api\v1\class-pos-restaurant-api.php:60
GET /wp-json/GETcashier-details/(?P<id>\d+) · vitepos_lite\api\v1\class-pos-restaurant-api.php:61
GET /wp-json/POSTlogin · vitepos_lite\api\v1\class-pos-user-api.php:47
GET /wp-json/GETlogout · vitepos_lite\api\v1\class-pos-user-api.php:48
GET /wp-json/POSTlist · vitepos_lite\api\v1\class-pos-user-api.php:49
GET /wp-json/POSTchange-pass · vitepos_lite\api\v1\class-pos-user-api.php:50
GET /wp-json/POSTchange-pass-force · vitepos_lite\api\v1\class-pos-user-api.php:51
GET /wp-json/POSTdelete-user · vitepos_lite\api\v1\class-pos-user-api.php:52
GET /wp-json/GETclose-cash-drawer · vitepos_lite\api\v1\class-pos-user-api.php:53
GET /wp-json/GETcash-drawer-list · vitepos_lite\api\v1\class-pos-user-api.php:54
GET /wp-json/GETroles · vitepos_lite\api\v1\class-pos-user-api.php:55
GET /wp-json/POSTcreate · vitepos_lite\api\v1\class-pos-user-api.php:56
GET /wp-json/POSToutlet-panel · vitepos_lite\api\v1\class-pos-user-api.php:57
GET /wp-json/GETdetails/(?P<id>\d+) · vitepos_lite\api\v1\class-pos-user-api.php:58
GET /wp-json/GETcurrent-user · vitepos_lite\api\v1\class-pos-user-api.php:59
GET /wp-json/GETget-logged-user · vitepos_lite\api\v1\class-pos-user-api.php:60
GET /wp-json/POSTlist · vitepos_lite\api\v1\class-pos-vendor-api.php:44
GET /wp-json/POSTcreate · vitepos_lite\api\v1\class-pos-vendor-api.php:45
GET /wp-json/POSTupdate_status · vitepos_lite\api\v1\class-pos-vendor-api.php:46
GET /wp-json/POSTdelete-vendor · vitepos_lite\api\v1\class-pos-vendor-api.php:47
GET /wp-json/GETdetails/(?P<id>\d+) · vitepos_lite\api\v1\class-pos-vendor-api.php:48

WordPress Hooks 65

action · admin_enqueue_scripts · dci\class-vtp-insights-sdk.php:278
action · admin_notices · dci\class-vtp-insights-sdk.php:286
action · admin_notices · dci\class-vtp-insights-sdk.php:298
action · in_admin_header · dci\class-vtp-insights-sdk.php:304
action · admin_enqueue_scripts · dci\class-vtp-insights-sdk.php:333
action · in_admin_header · dci\class-vtp-insights-sdk.php:342
action · init · vitepos_lite\core\class-viteposlite.php:52
action · rest_pre_serve_request · vitepos_lite\core\class-viteposlite.php:81
action · rest_api_init · vitepos_lite\core\class-viteposlite.php:88
filter · woocommerce_email_actions · vitepos_lite\core\class-viteposlite.php:104
action · admin_print_styles · vitepos_lite\core\class-viteposlite.php:133
action · admin_enqueue_scripts · vitepos_lite\core\class-viteposlite.php:134
action · admin_menu · vitepos_lite\core\class-viteposlite.php:149
filter · vitepos/filter/payment-gw · vitepos_lite\modules\class-pos-payment.php:43
filter · vitepos/filter/header-links · vitepos_lite\modules\class-pos-payment.php:44
filter · vitepos/filter/footer-scripts · vitepos_lite\modules\class-pos-payment.php:45
filter · vitepos/filter/payment/methods · vitepos_lite\modules\class-pos-payment.php:46
filter · vitepos/filter/payment-name · vitepos_lite\modules\class-pos-payment.php:47
action · apbd-vtpos/action/role-added · vitepos_lite\modules\class-pos-role.php:34
action · apbd-vtpos/action/role-updated · vitepos_lite\modules\class-pos-role.php:35
action · apbd-vtpos/action/role-deleted · vitepos_lite\modules\class-pos-role.php:36
filter · editable_roles · vitepos_lite\modules\class-pos-role.php:37
filter · apbd-vtpos/acl-resource · vitepos_lite\modules\class-pos-role.php:91
filter · user_has_cap · vitepos_lite\modules\class-pos-role.php:92
action · admin_bar_menu · vitepos_lite\modules\class-pos-settings.php:52
filter · appsbd/input/html/fields · vitepos_lite\modules\class-pos-settings.php:54
filter · woocommerce_order_data_store_cpt_get_orders_query · vitepos_lite\modules\class-pos-settings.php:63
filter · woocommerce_order_query_args · vitepos_lite\modules\class-pos-settings.php:64
filter · woocommerce_product_data_store_cpt_get_products_query · vitepos_lite\modules\class-pos-settings.php:65
filter · vitepos/filter/billing-address · vitepos_lite\modules\class-pos-settings.php:66
filter · display_post_states · vitepos_lite\modules\class-pos-settings.php:67
action · apbd-vtpos/action/save-category-image · vitepos_lite\modules\class-pos-settings.php:68
action · apbd-vtpos/action/save-user-image · vitepos_lite\modules\class-pos-settings.php:69
action · show_user_profile · vitepos_lite\modules\class-pos-settings.php:72
action · user_new_form · vitepos_lite\modules\class-pos-settings.php:73
action · edit_user_profile · vitepos_lite\modules\class-pos-settings.php:74
action · user_register · vitepos_lite\modules\class-pos-settings.php:76
action · personal_options_update · vitepos_lite\modules\class-pos-settings.php:77
action · edit_user_profile_update · vitepos_lite\modules\class-pos-settings.php:78
filter · woocommerce_order_item_get_formatted_meta_data · vitepos_lite\modules\class-pos-settings.php:81
filter · elite-pos/email-body-content · vitepos_lite\modules\class-pos-settings.php:562
action · template_redirect · vitepos_lite\modules\class-pos-settings.php:563
filter · query_vars · vitepos_lite\modules\class-pos-settings.php:565
action · woocommerce_admin_order_totals_after_total · vitepos_lite\modules\class-pos-settings.php:566
action · woocommerce_admin_order_totals_after_tax · vitepos_lite\modules\class-pos-settings.php:567
action · vitepos-client-header · vitepos_lite\modules\class-pos-settings.php:572
action · vitepos-client-footer · vitepos_lite\modules\class-pos-settings.php:573
action · vitepos-client-header · vitepos_lite\modules\class-pos-settings.php:574
action · woocommerce_product_options_sku · vitepos_lite\modules\class-pos-settings.php:576
action · woocommerce_variation_options · vitepos_lite\modules\class-pos-settings.php:577
action · woocommerce_process_product_meta · vitepos_lite\modules\class-pos-settings.php:579
action · woocommerce_save_product_variation · vitepos_lite\modules\class-pos-settings.php:580
filter · manage_edit-shop_order_columns · vitepos_lite\modules\class-pos-settings.php:582
filter · manage_woocommerce_page_wc-orders_columns · vitepos_lite\modules\class-pos-settings.php:583
action · manage_shop_order_posts_custom_column · vitepos_lite\modules\class-pos-settings.php:585
action · manage_woocommerce_page_wc-orders_custom_column · vitepos_lite\modules\class-pos-settings.php:586
action · save_post_product · vitepos_lite\modules\class-pos-settings.php:588
action · after_delete_post · vitepos_lite\modules\class-pos-settings.php:589
action · woocommerce_process_product_meta · vitepos_lite\modules\class-pos-settings.php:590
action · woocommerce_save_product_variation · vitepos_lite\modules\class-pos-settings.php:591
action · woocommerce_settings_saved · vitepos_lite\modules\class-pos-settings.php:592
filter · woocommerce_order_item_get_formatted_meta_data · vitepos_lite\modules\class-pos-settings.php:593
action · apbd-vtpos/action/send-temp-password-email · vitepos_lite\modules\class-pos-settings.php:594
action · vitepos/action/send-customer-email · vitepos_lite\modules\class-pos-settings.php:597
filter · vitepos/filter/get-product-barcode · vitepos_lite\modules\class-pos-settings.php:599

Maintenance & Trust

Vitepos – Point of Sale (POS) for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 5, 2026
PHP min version: 7.2
Downloads: 51K

Community Trust

Rating: 94/100
Number of ratings: 51
Active installs: 2K

Developer Profile

Vitepos – Point of Sale (POS) for WooCommerce Developer Profile

appsbd

7 plugins · 3K total installs

Trust score: 87
Avg Security Score: 98/100
Avg Patch Time: 68 days
Detection Fingerprints

How We Detect Vitepos – Point of Sale (POS) for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/vitepos-lite/build/admin/css/main.css
/wp-content/plugins/vitepos-lite/build/admin/js/main.js
/wp-content/plugins/vitepos-lite/build/frontend/css/main.css
/wp-content/plugins/vitepos-lite/build/frontend/js/main.js

Script Paths
/wp-content/plugins/vitepos-lite/build/admin/js/main.js
/wp-content/plugins/vitepos-lite/build/frontend/js/main.js

Version Parameters
vitepos-lite/build/admin/css/main.css?ver=
vitepos-lite/build/admin/js/main.js?ver=
vitepos-lite/build/frontend/css/main.css?ver=
vitepos-lite/build/frontend/js/main.js?ver=

HTML / DOM Fingerprints

CSS Classes
vitepos-order-details
vitepos-dashboard-widget
vitepos-pos-login

HTML Comments
vitepos-lite: Plugin Name: Vitepos Helper
vitepos-lite: Description: This improves Vitepos response speed. Do not uninstall or remove it.

Data Attributes
data-vitepos-action
data-vitepos-nonce

JS Globals
vitepos_admin_ajax
vitepos_params

REST Endpoints
/wp-json/vitepos-lite/v1/orders
/wp-json/vitepos-lite/v1/products
/wp-json/vitepos-lite/v1/customers

Shortcode Output
[vitepos_pos_login]

FAQ

Frequently Asked Questions about Vitepos – Point of Sale (POS) for WooCommerce