WCPOS – Point of Sale (POS) plugin for WooCommerce Security & Risk Analysis

wordpress.org/plugins/woocommerce-pos

WCPOS is a simple application for taking orders at the Point of Sale (POS) using your WooCommerce store.

6K active installs · v1.8.14 · PHP 7.4+ · WP 5.6+ · Updated Feb 19, 2026
Tags: ecommerce, inventory, point-of-sale, pos, woocommerce
Score: 98 · A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: May 16, 2025

Is WCPOS – Point of Sale (POS) plugin for WooCommerce Safe to Use in 2026?

Generally Safe

Score 98/100

WCPOS – Point of Sale (POS) plugin for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: May 16, 2025 · Updated 1mo ago

Risk Assessment

The "woocommerce-pos" plugin v1.8.14 exhibits a generally strong security posture with a commendable number of implemented security measures. The static analysis reveals a well-defended attack surface, with zero unprotected entry points across AJAX handlers, REST API routes, shortcodes, and cron events. The plugin also demonstrates good coding practices with a high percentage of SQL queries using prepared statements and properly escaped output. Nonce and capability checks are also extensively used, indicating a conscious effort to prevent common web vulnerabilities.

However, the presence of two "dangerous functions" (shell_exec, exec) is a notable concern. While taint analysis did not reveal any unsanitized paths or critical/high severity flows, the potential for these functions to be misused if not handled with extreme care is significant. The plugin's vulnerability history shows two medium severity CVEs, both related to missing authorization and insufficient data authenticity verification. While no unpatched vulnerabilities are currently listed, these past issues suggest that authorization and data validation require continued vigilance.

In conclusion, the "woocommerce-pos" plugin demonstrates many positive security attributes, particularly in its robust attack surface protection and use of prepared statements and output escaping. The primary areas for improvement and ongoing monitoring are the secure implementation of the identified dangerous functions and a continued focus on preventing authorization bypasses and data validation flaws, as evidenced by its historical vulnerability record.

Key Concerns

  • Dangerous functions (shell_exec, exec) present
  • 2 medium severity vulnerabilities in history

WCPOS – Point of Sale (POS) plugin for WooCommerce Security Vulnerabilities

CVEs by Year

  • 2024: 1 CVE
  • 2025: 1 CVE

Severity Breakdown

  • Medium: 2

2 total CVEs

CVE-2025-48117 · medium · 5.3 · Missing Authorization

WooCommerce POS <= 1.7.8 - Missing Authorization

May 16, 2025 · Patched in 1.7.9 (7d)

CVE-2024-2384 · medium · 4.3 · Insufficient Verification of Data Authenticity

WooCommerce POS <= 1.4.11 - Insufficient Verification of Data Authenticity to Authenticated (Customer+) Information Disclosure

Mar 19, 2024 · Patched in 1.4.12 (1d)

WCPOS – Point of Sale (POS) plugin for WooCommerce Code Analysis

Analyzed Mar 16, 2026

  • Dangerous Functions: 2
  • Raw SQL Queries: 9 (66 prepared)
  • Unescaped Output: 35 (302 escaped)
  • Nonce Checks: 13
  • Capability Checks: 35
  • File Operations: 10
  • External Requests: 2
  • Bundled Libraries: 0

Dangerous Functions Found

  • shell_exec (includes\API\Traits\WCPOS_REST_API.php:397): $load = @shell_exec( 'wmic cpu get loadpercentage /all' ); // phpcs:ignore WordPress.PHP.NoSilencedE
  • exec (includes\Templates\Validator.php:242): exec( 'php -l ' . escapeshellarg( $temp_file ) . ' 2>&1', $output, $return_var );

SQL Query Safety

88% prepared · 75 total queries

Output Escaping

90% escaped · 337 total outputs

Data Flow Analysis

6 flows · All sanitized
save (includes\Admin\Permalink.php:45)

WCPOS – Point of Sale (POS) plugin for WooCommerce Attack Surface

  • Entry Points: 0
  • Unprotected: 0

WordPress Hooks: 208

action wpmu_new_blog (includes\Activator.php:34)
action plugins_loaded (includes\Activator.php:35)
action admin_init (includes\Activator.php:47)
action admin_init (includes\Activator.php:151)
action admin_init (includes\Activator.php:175)
action shutdown (includes\Activator.php:240)
action woocommerce_init (includes\Activator.php:245)
action admin_init (includes\Activator.php:406)
action admin_enqueue_scripts (includes\Admin\Analytics.php:23)
action admin_head (includes\Admin\Analytics.php:24)
filter custom_menu_order (includes\Admin\Menu.php:41)
filter menu_order (includes\Admin\Menu.php:42)
action admin_enqueue_scripts (includes\Admin\Menu.php:43)
action admin_notices (includes\Admin\Notices.php:29)
action woocommerce_order_list_table_restrict_manage_orders (includes\Admin\Orders\HPOS_List_Orders.php:31)
filter woocommerce_order_list_table_prepare_items_query_args (includes\Admin\Orders\HPOS_List_Orders.php:32)
filter manage_woocommerce_page_wc-orders_columns (includes\Admin\Orders\HPOS_List_Orders.php:35)
action manage_woocommerce_page_wc-orders_custom_column (includes\Admin\Orders\HPOS_List_Orders.php:36)
action admin_enqueue_scripts (includes\Admin\Orders\HPOS_List_Orders.php:37)
action restrict_manage_posts (includes\Admin\Orders\List_Orders.php:24)
filter parse_query (includes\Admin\Orders\List_Orders.php:25)
filter manage_edit-shop_order_columns (includes\Admin\Orders\List_Orders.php:28)
action manage_shop_order_posts_custom_column (includes\Admin\Orders\List_Orders.php:29)
action admin_enqueue_scripts (includes\Admin\Orders\List_Orders.php:30)
filter wc_order_is_editable (includes\Admin\Orders\Single_Order.php:21)
action woocommerce_admin_order_data_after_order_details (includes\Admin\Orders\Single_Order.php:22)
action woocommerce_process_shop_order_meta (includes\Admin\Orders\Single_Order.php:23)
action woocommerce_product_options_sku (includes\Admin\Products\List_Products.php:53)
action woocommerce_process_product_meta (includes\Admin\Products\List_Products.php:54)
action woocommerce_product_after_variable_attributes (includes\Admin\Products\List_Products.php:56)
action woocommerce_save_product_variation (includes\Admin\Products\List_Products.php:65)
filter posts_clauses (includes\Admin\Products\List_Products.php:69)
filter views_edit-product (includes\Admin\Products\List_Products.php:70)
action bulk_edit_custom_box (includes\Admin\Products\List_Products.php:71)
action woocommerce_product_bulk_edit_save (includes\Admin\Products\List_Products.php:72)
action quick_edit_custom_box (includes\Admin\Products\List_Products.php:73)
action manage_product_posts_custom_column (includes\Admin\Products\List_Products.php:74)
action woocommerce_product_after_variable_attributes (includes\Admin\Products\List_Products.php:75)
action woocommerce_save_product_variation (includes\Admin\Products\List_Products.php:84)
filter woocommerce_duplicate_product_exclude_meta (includes\Admin\Products\List_Products.php:93)
action woocommerce_product_options_sku (includes\Admin\Products\Single_Product.php:62)
action woocommerce_process_product_meta (includes\Admin\Products\Single_Product.php:63)
action woocommerce_product_after_variable_attributes (includes\Admin\Products\Single_Product.php:64)
action woocommerce_save_product_variation (includes\Admin\Products\Single_Product.php:65)
action save_post (includes\Admin\Products\Single_Product.php:69)
action post_submitbox_misc_actions (includes\Admin\Products\Single_Product.php:70)
action woocommerce_product_after_variable_attributes (includes\Admin\Products\Single_Product.php:71)
action woocommerce_save_product_variation (includes\Admin\Products\Single_Product.php:72)
action woocommerce_product_options_pricing (includes\Admin\Products\Single_Product.php:75)
action woocommerce_product_options_tax (includes\Admin\Products\Single_Product.php:76)
action woocommerce_variation_options_pricing (includes\Admin\Products\Single_Product.php:77)
action woocommerce_variation_options_tax (includes\Admin\Products\Single_Product.php:78)
action admin_enqueue_scripts (includes\Admin\Settings.php:29)
action admin_head (includes\Admin\Settings.php:30)
action in_admin_header (includes\Admin\Settings.php:31)
filter post_row_actions (includes\Admin\Templates\List_Templates.php:29)
action admin_notices (includes\Admin\Templates\List_Templates.php:30)
action admin_head (includes\Admin\Templates\List_Templates.php:31)
filter views_edit-wcpos_template (includes\Admin\Templates\List_Templates.php:32)
filter manage_wcpos_template_posts_columns (includes\Admin\Templates\List_Templates.php:35)
action manage_wcpos_template_posts_custom_column (includes\Admin\Templates\List_Templates.php:36)
filter use_block_editor_for_post_type (includes\Admin\Templates\Single_Template.php:26)
filter user_can_richedit (includes\Admin\Templates\Single_Template.php:29)
action add_meta_boxes_wcpos_template (includes\Admin\Templates\Single_Template.php:31)
action save_post_wcpos_template (includes\Admin\Templates\Single_Template.php:32)
action admin_enqueue_scripts (includes\Admin\Templates\Single_Template.php:33)
action admin_notices (includes\Admin\Templates\Single_Template.php:34)
action admin_post_wcpos_activate_template (includes\Admin\Templates\Single_Template.php:35)
action admin_post_wcpos_copy_template (includes\Admin\Templates\Single_Template.php:36)
filter enter_title_here (includes\Admin\Templates\Single_Template.php:37)
action edit_form_after_title (includes\Admin\Templates\Single_Template.php:38)
action admin_menu (includes\Admin.php:59)
action admin_init (includes\Admin.php:60)
action current_screen (includes\Admin.php:61)
action admin_post_wcpos_activate_template (includes\Admin.php:88)
action admin_post_wcpos_copy_template (includes\Admin.php:89)
action woocommerce_product_quick_edit_save (includes\AJAX.php:80)
filter woocommerce_rest_prepare_customer (includes\API\Customers_Controller.php:68)
filter woocommerce_rest_customer_query (includes\API\Customers_Controller.php:69)
filter is_protected_meta (includes\API\Customers_Controller.php:70)
filter pre_option_woocommerce_registration_generate_password (includes\API\Customers_Controller.php:198)
action pre_user_query (includes\API\Customers_Controller.php:515)
action pre_user_query (includes\API\Customers_Controller.php:563)
filter woocommerce_rest_prepare_shop_order_object (includes\API\Orders_Controller.php:102)
filter woocommerce_order_get_items (includes\API\Orders_Controller.php:103)
action woocommerce_before_order_object_save (includes\API\Orders_Controller.php:104)
filter woocommerce_rest_shop_order_object_query (includes\API\Orders_Controller.php:105)
action woocommerce_order_item_fee_after_calculate_taxes (includes\API\Orders_Controller.php:106)
filter woocommerce_email_recipient_customer_invoice (includes\API\Orders_Controller.php:558)
filter woocommerce_order_get_meta_data (includes\API\Orders_Controller.php:711)
filter woocommerce_orders_table_query_clauses (includes\API\Orders_Controller.php:796)
filter posts_where (includes\API\Orders_Controller.php:798)
filter posts_orderby (includes\API\Orders_Controller.php:1037)
filter woocommerce_orders_table_query_clauses (includes\API\Orders_Controller.php:1063)
filter woocommerce_rest_check_permissions (includes\API\Payment_Gateways.php:43)
filter woocommerce_rest_prepare_payment_gateway (includes\API\Payment_Gateways.php:44)
filter woocommerce_rest_prepare_product_object (includes\API\Products_Controller.php:73)
action woocommerce_rest_insert_product_object (includes\API\Products_Controller.php:74)
filter woocommerce_rest_product_object_query (includes\API\Products_Controller.php:75)
filter posts_search (includes\API\Products_Controller.php:76)
filter posts_clauses (includes\API\Products_Controller.php:77)
filter posts_join (includes\API\Products_Controller.php:359)
filter posts_groupby (includes\API\Products_Controller.php:360)
filter posts_where (includes\API\Products_Controller.php:365)
filter posts_where (includes\API\Products_Controller.php:370)
filter woocommerce_rest_prepare_product_brand (includes\API\Product_Brands_Controller.php:57)
filter woocommerce_rest_product_brand_query (includes\API\Product_Brands_Controller.php:58)
filter terms_clauses (includes\API\Product_Brands_Controller.php:102)
filter woocommerce_rest_prepare_product_cat (includes\API\Product_Categories_Controller.php:57)
filter woocommerce_rest_product_cat_query (includes\API\Product_Categories_Controller.php:58)
filter terms_clauses (includes\API\Product_Categories_Controller.php:102)
filter woocommerce_rest_prepare_product_tag (includes\API\Product_Tags_Controller.php:57)
filter woocommerce_rest_product_tag_query (includes\API\Product_Tags_Controller.php:58)
filter terms_clauses (includes\API\Product_Tags_Controller.php:102)
filter woocommerce_rest_prepare_product_variation_object (includes\API\Product_Variations_Controller.php:63)
action woocommerce_rest_insert_product_variation_object (includes\API\Product_Variations_Controller.php:64)
filter woocommerce_rest_product_variation_object_query (includes\API\Product_Variations_Controller.php:65)
filter posts_search (includes\API\Product_Variations_Controller.php:66)
filter posts_join (includes\API\Product_Variations_Controller.php:329)
filter posts_groupby (includes\API\Product_Variations_Controller.php:330)
filter posts_where (includes\API\Product_Variations_Controller.php:335)
filter posts_where (includes\API\Product_Variations_Controller.php:341)
filter option_woocommerce_pos_settings_payment_gateways (includes\API\Settings.php:42)
filter pre_update_option_woocommerce_pos_pro_settings_license (includes\API\Settings.php:45)
filter woocommerce_rest_tax_query (includes\API\Taxes_Controller.php:57)
filter woocommerce_rest_prepare_tax (includes\API\Taxes_Controller.php:58)
filter query (includes\API\Taxes_Controller.php:136)
filter rest_allowed_cors_headers (includes\API.php:53)
filter rest_pre_serve_request (includes\API.php:54)
filter determine_current_user (includes\API.php:60)
filter rest_authentication_errors (includes\API.php:61)
filter rest_index (includes\API.php:64)
filter rest_dispatch_request (includes\API.php:67)
filter rest_pre_dispatch (includes\API.php:68)
filter woocommerce_email_recipient_new_order (includes\Emails.php:55)
action woocommerce_order_status_pos-open_to_completed (includes\Emails.php:59)
action woocommerce_order_status_pos-open_to_processing (includes\Emails.php:60)
action woocommerce_order_status_pos-open_to_on-hold (includes\Emails.php:61)
action woocommerce_order_status_pos-partial_to_completed (includes\Emails.php:62)
action woocommerce_order_status_pos-partial_to_processing (includes\Emails.php:63)
action woocommerce_order_status_pos-partial_to_on-hold (includes\Emails.php:64)
action wp (includes\Form_Handler.php:22)
action wp (includes\Form_Handler.php:23)
action wp (includes\Form_Handler.php:31)
action woocommerce_thankyou_pos_card (includes\Gateways\Card.php:41)
action woocommerce_thankyou_pos_cash (includes\Gateways\Cash.php:43)
filter woocommerce_payment_gateways (includes\Gateways.php:21)
filter woocommerce_available_payment_gateways (includes\Gateways.php:22)
action init (includes\Init.php:34)
action rest_api_init (includes\Init.php:35)
filter query_vars (includes\Init.php:36)
filter rest_pre_serve_request (includes\Init.php:39)
action send_headers (includes\Init.php:40)
action send_headers (includes\Init.php:41)
filter determine_current_user (includes\Init.php:52)
action admin_init (includes\Integrations\WePOS.php:23)
action admin_notices (includes\Integrations\WePOS.php:33)
filter option_wpseo (includes\Integrations\WPSEO.php:18)
filter wc_order_statuses (includes\Orders.php:41)
filter woocommerce_order_needs_payment (includes\Orders.php:42)
filter woocommerce_valid_order_statuses_for_payment (includes\Orders.php:43)
filter woocommerce_valid_order_statuses_for_payment_complete (includes\Orders.php:44)
filter woocommerce_payment_complete_order_status (includes\Orders.php:45)
filter woocommerce_bacs_process_payment_order_status (includes\Orders.php:46)
filter woocommerce_cheque_process_payment_order_status (includes\Orders.php:47)
filter woocommerce_cod_process_payment_order_status (includes\Orders.php:48)
filter woocommerce_hidden_order_itemmeta (includes\Orders.php:49)
filter woocommerce_order_item_product (includes\Orders.php:50)
filter woocommerce_order_get_tax_location (includes\Orders.php:51)
action woocommerce_order_item_after_calculate_taxes (includes\Orders.php:52)
action woocommerce_order_item_shipping_after_calculate_taxes (includes\Orders.php:53)
action woocommerce_order_applied_coupon (includes\Orders.php:54)
filter woocommerce_coupon_get_items_to_validate (includes\Orders.php:55)
filter woocommerce_order_item_get_subtotal (includes\Orders.php:502)
filter woocommerce_order_item_get_subtotal_tax (includes\Orders.php:503)
action woocommerce_order_after_calculate_totals (includes\Orders.php:504)
action woocommerce_product_set_stock (includes\Products.php:27)
action woocommerce_variation_set_stock (includes\Products.php:28)
action pre_get_posts (includes\Products.php:33)
filter woocommerce_variation_is_visible (includes\Products.php:34)
action woocommerce_store_api_validate_add_to_cart (includes\Products.php:35)
filter woocommerce_add_to_cart_validation (includes\Products.php:38)
filter woocommerce_stock_amount (includes\Products.php:51)
action woocommerce_before_product_object_save (includes\Products.php:52)
action activated_plugin (includes\Services\Extensions.php:49)
action deactivated_plugin (includes\Services\Extensions.php:50)
filter show_admin_bar (includes\Templates\Auth.php:94)
filter login_url (includes\Templates\Frontend.php:49)
action woocommerce_pos_head (includes\Templates\Frontend.php:75)
action woocommerce_pos_footer (includes\Templates\Frontend.php:76)
filter woocommerce_is_checkout (includes\Templates\Payment.php:85)
filter woocommerce_checkout_show_terms (includes\Templates\Payment.php:87)
filter show_admin_bar (includes\Templates\Payment.php:90)
action wp_enqueue_scripts (includes\Templates\Payment.php:103)
filter nonce_user_logged_out (includes\Templates\Payment.php:193)
filter show_admin_bar (includes\Templates\Receipt.php:42)
action woocommerce_pos_receipt_head (includes\Templates\Receipt.php:43)
filter show_admin_bar (includes\Templates\Received.php:35)
filter user_has_cap (includes\Templates\Received.php:52)
filter woocommerce_rest_check_permissions (includes\Templates\Received.php:53)
filter option_rewrite_rules (includes\Template_Router.php:69)
action template_redirect (includes\Template_Router.php:70)
filter woocommerce_get_checkout_order_received_url (includes\Template_Router.php:73)
filter rest_pre_dispatch (includes\WC_API.php:41)
filter posts_where (includes\WC_API.php:42)
action admin_notices (woocommerce-pos.php:126)
action before_woocommerce_init (woocommerce-pos.php:147)
action plugins_loaded (woocommerce-pos.php:158)

WCPOS – Point of Sale (POS) plugin for WooCommerce Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Feb 19, 2026
  • PHP min version: 7.4
  • Downloads: 411K

Community Trust

  • Rating: 74/100
  • Number of ratings: 79
  • Active installs: 6K

WCPOS – Point of Sale (POS) plugin for WooCommerce Developer Profile

kilbot

1 plugin · 6K total installs

  • Trust score: 99
  • Avg Security Score: 98/100
  • Avg Patch Time: 4 days

How We Detect WCPOS – Point of Sale (POS) plugin for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/woocommerce-pos/dist/css/main.css
  • /wp-content/plugins/woocommerce-pos/dist/js/chunk-vendors.js
  • /wp-content/plugins/woocommerce-pos/dist/js/app.js

Script Paths
  • /wp-content/plugins/woocommerce-pos/dist/js/chunk-vendors.js
  • /wp-content/plugins/woocommerce-pos/dist/js/app.js

Version Parameters
  • woocommerce-pos/dist/css/main.css?ver=
  • woocommerce-pos/dist/js/chunk-vendors.js?ver=
  • woocommerce-pos/dist/js/app.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • woocommerce-pos-upgrade-notice
  • wcpos-settings-page
  • wcpos-grid-wrapper
  • wcpos-login-form-wrapper
  • wcpos-checkout-wrapper
  • wcpos-barcode-scanner-input
  • wcpos-add-product-button
  • wcpos-change-payment-method-button

HTML Comments
  • <!-- WCPOS Admin Settings -->
  • <!-- WCPOS Login Form -->
  • <!-- WCPOS Checkout Area -->
  • <!-- WCPOS Product Search -->

Data Attributes
  • data-wcpos-view
  • data-wcpos-product-id
  • data-wcpos-order-id
  • data-wcpos-field-name

JS Globals
  • WCPOSConfig
  • wcposData

REST Endpoints
  • /wp-json/wcpos/v1/products
  • /wp-json/wcpos/v1/orders
  • /wp-json/wcpos/v1/customers

Shortcode Output
  • [wcpos_pos]
  • [wcpos_login]
  • [wcpos_receipt]

Frequently Asked Questions about WCPOS – Point of Sale (POS) plugin for WooCommerce