WP-Safety

wePOS – Point Of Sale (POS) for WooCommerce Security & Risk Analysis

wordpress.org/plugins/wepos

WooCommerce point of sale WordPress plugin.

2K active installs v1.3.3 PHP 7.4+ WP 6.5+ Updated Sep 12, 2025
free-pospoint-of-salepos-pluginwoocommerce-point-of-salewoocommerce-pos
100
A · Safe
CVEs total1
Unpatched0
Last CVEDec 16, 2022
Plugin page Download
Safety Verdict

Is wePOS – Point Of Sale (POS) for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

wePOS – Point Of Sale (POS) for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Dec 16, 2022Updated 6mo ago
Risk Assessment

The wepos plugin version 1.3.3 exhibits a generally good security posture based on static analysis, with a notable absence of critical or high-severity taint flows and a complete reliance on prepared statements for SQL queries. The presence of numerous nonce and capability checks across its entry points is also a positive indicator of security consciousness. However, the static analysis reveals that 71% of output is properly escaped, indicating that approximately 17% of output might be vulnerable to cross-site scripting (XSS) attacks, which warrants attention. The plugin's vulnerability history, while currently showing no unpatched issues, includes a medium-severity vulnerability from late 2022 attributed to missing authorization. This past issue, coupled with the potential for unescaped output, suggests that while the plugin has strong foundations, vigilance is required to address potential authorization bypasses and XSS risks.

Key Concerns

  • Percentage of output properly escaped is 71%
  • Medium severity vulnerability in history
Vulnerabilities
1

wePOS – Point Of Sale (POS) for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2022
2022
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

WF-84003388-c47c-41db-8d2d-4643aa375a89-weposmedium · 4.3Missing Authorization

Appsero <= 1.2.1 - Missing Authorization

Dec 16, 2022 Patched in 1.2.6 (699d)
Code Analysis
Analyzed Mar 16, 2026

wePOS – Point Of Sale (POS) for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
5 prepared
Unescaped Output
24
59 escaped
Nonce Checks
7
Capability Checks
22
File Operations
0
External Requests
3
Bundled Libraries
3

Bundled Libraries

Select2jQueryTinyMCE

SQL Query Safety

100% prepared5 total queries

Output Escaping

71% escaped83 total outputs
Data Flows
All sanitized

Data Flow Analysis

4 flows
save_settings_value (includes\Admin\Settings.php:58)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

wePOS – Point Of Sale (POS) for WooCommerce Attack Surface

Entry Points3
Unprotected0

AJAX Handlers 3

authwp_ajax_wepos_dismiss_limited_time_promotional_noticeincludes\Admin\LimitedTimePromotion.php:30
authwp_ajax_wepos_get_setting_valuesincludes\Admin\Settings.php:20
authwp_ajax_wepos_save_settingsincludes\Admin\Settings.php:21
WordPress Hooks 66
actionswitch_themedependencies\Appsero\Insights.php:135
actionswitch_themedependencies\Appsero\Insights.php:136
actionadmin_footerdependencies\Appsero\Insights.php:146
actionadmin_noticesdependencies\Appsero\Insights.php:161
actionadmin_initdependencies\Appsero\Insights.php:164
filtercron_schedulesdependencies\Appsero\Insights.php:168
actionadmin_menudependencies\Appsero\License.php:219
actionafter_switch_themedependencies\Appsero\License.php:781
actionswitch_themedependencies\Appsero\License.php:782
actionadmin_menuincludes\Admin\Admin.php:10
filtermanage_edit-shop_order_columnsincludes\Admin\Admin.php:11
actionmanage_shop_order_posts_custom_columnincludes\Admin\Admin.php:12
actionadmin_print_stylesincludes\Admin\Admin.php:13
actionadmin_enqueue_scriptsincludes\Admin\Admin.php:58
actionload-edit.phpincludes\Admin\Discounts.php:35
actionwepos_daily_midnight_cronincludes\Admin\Discounts.php:36
filterwoocommerce_admin_order_item_coupon_urlincludes\Admin\Discounts.php:37
actionpre_get_postsincludes\Admin\Discounts.php:58
filterwp_count_postsincludes\Admin\Discounts.php:81
actionadmin_noticesincludes\Admin\LimitedTimePromotion.php:29
actionwoocommerce_product_options_general_product_dataincludes\Admin\Products.php:17
actionwoocommerce_product_after_variable_attributesincludes\Admin\Products.php:18
actionwoocommerce_process_product_metaincludes\Admin\Products.php:19
actionwoocommerce_save_product_variationincludes\Admin\Products.php:20
filterwepos_localize_dataincludes\Admin\Settings.php:19
filterwoocommerce_order_data_store_cpt_get_orders_queryincludes\Admin\Updates\upgrade-1.0.4.php:24
actionadmin_noticesincludes\Admin\Updates.php:29
actionadmin_initincludes\Admin\Updates.php:30
actionadmin_enqueue_scriptsincludes\Assets.php:12
actionwepos_enqueue_scriptsincludes\Assets.php:14
actionwoocommerce_new_orderincludes\Common.php:32
filterwepos_frontend_permissionsincludes\Dokan.php:20
filterwoocommerce_rest_product_object_queryincludes\Dokan.php:21
actiondokan_new_seller_createdincludes\Dokan.php:22
filterdokan_get_dashboard_navincludes\Dokan.php:23
filterwepos_settings_fieldsincludes\Dokan.php:24
filterwepos_rest_manager_permissionsincludes\Dokan.php:25
actiondokan_new_vendorincludes\Dokan.php:28
actionwp_headincludes\Frontend.php:10
actionwp_headincludes\Frontend.php:11
actionwepos_footerincludes\Frontend.php:12
actionwp_headincludes\Frontend.php:13
actiontemplate_redirectincludes\Frontend.php:14
filtershow_admin_barincludes\Frontend.php:15
filterdocument_title_partsincludes\Frontend.php:16
filterwoocommerce_account_menu_itemsincludes\Frontend.php:19
filterwoocommerce_get_endpoint_urlincludes\Frontend.php:20
actionplugins_loadedincludes\Gateways\Manager.php:16
filterwoocommerce_payment_gatewaysincludes\Gateways\Manager.php:17
actionrest_api_initincludes\REST\Manager.php:34
filterwoocommerce_rest_prepare_product_objectincludes\REST\Manager.php:35
filterwoocommerce_rest_prepare_product_variation_objectincludes\REST\Manager.php:36
filterwoocommerce_rest_prepare_product_catincludes\REST\Manager.php:37
filterwoocommerce_rest_prepare_taxincludes\REST\Manager.php:38
filterwoocommerce_rest_pre_insert_shop_order_objectincludes\REST\Manager.php:39
actioninitwepos.php:85
filterquery_varswepos.php:86
actionbefore_woocommerce_initwepos.php:89
actionplugins_loadedwepos.php:91
actionadmin_noticeswepos.php:94
actionwoocommerce_loadedwepos.php:96
actionwoocommerce_initwepos.php:97
actioninitwepos.php:332
actioninitwepos.php:333
actionwepos_loadedwepos.php:334
actionshutdownwepos.php:464
Maintenance & Trust

wePOS – Point Of Sale (POS) for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedSep 12, 2025
PHP min version7.4
Downloads109K

Community Trust

Rating70/100
Number of ratings22
Active installs2K
Alternatives

wePOS – Point Of Sale (POS) for WooCommerce Alternatives

Oliver POS – A WooCommerce Point of Sale (POS)

Oliver POS – A WooCommerce Point of Sale (POS)

oliver-pos

A
94

Oliver POS is a WooCommerce Point of Sale (POS) integrated into your shop. Always in sync with your e-commerce shop, Oliver POS lets you sell in-store &hellip;

1K 3 CVEs
Final POS – Drag & Drop Point of Sale Builder

Final POS – Drag & Drop Point of Sale Builder

finalpos

A
100

Short Description: Transform your WooCommerce store with Final POS, the drag-and-drop point of sale builder that syncs with your shop.

60 No CVEs
Vitepos – Point of Sale (POS) for WooCommerce

Vitepos – Point of Sale (POS) for WooCommerce

vitepos-lite

A
92

Fast, modern WooCommerce POS plugin for managing sales, outlets, and cashiers directly in WordPress.

2K 5 CVEs
FooSales – Point of Sale (POS) for WooCommerce

FooSales – Point of Sale (POS) for WooCommerce

foosales

A
100

FooSales POS is a point of sale (POS) system for WooCommerce that turns any computer, iPad or Android tablet into a retail checkout.

700 No CVEs
ConnectPOS | Point of Sale for WooCommerce

ConnectPOS | Point of Sale for WooCommerce

connectpos-pos-system-for-woocommerce

A
92

ConnectPOS is a global-awarded Point of Sale (POS) tailor-made for WooCommerce users in Fashion industry. We are the Bronze winner of 2021 Stevie Awar &hellip;

80 No CVEs
Developer Profile

wePOS – Point Of Sale (POS) for WooCommerce Developer Profile

weDevs

20 plugins · 113K total installs

73
trust score
Avg Security Score
91/100
Avg Patch Time
366 days
View full developer profile
Detection Fingerprints

How We Detect wePOS – Point Of Sale (POS) for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wepos/assets/css/backend.css/wp-content/plugins/wepos/assets/css/frontend.css/wp-content/plugins/wepos/assets/js/backend.js/wp-content/plugins/wepos/assets/js/frontend.js/wp-content/plugins/wepos/assets/js/wepos-vue.js/wp-content/plugins/wepos/assets/js/wepos-legacy.js
Script Paths
/wp-content/plugins/wepos/assets/js/backend.js/wp-content/plugins/wepos/assets/js/frontend.js/wp-content/plugins/wepos/assets/js/wepos-vue.js/wp-content/plugins/wepos/assets/js/wepos-legacy.js
Version Parameters
wepos/assets/css/backend.css?ver=wepos/assets/css/frontend.css?ver=wepos/assets/js/backend.js?ver=wepos/assets/js/frontend.js?ver=wepos/assets/js/wepos-vue.js?ver=wepos/assets/js/wepos-legacy.js?ver=

HTML / DOM Fingerprints

CSS Classes
wepos-app
HTML Comments
<!-- wePOS App --><!-- WEPOS -->
Data Attributes
v-cloak
JS Globals
wepos_vue_dataWepos
REST Endpoints
/wp-json/wepos/v1
Shortcode Output
[wepos_init]
FAQ

Frequently Asked Questions about wePOS – Point Of Sale (POS) for WooCommerce