[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fQQWjx9pBSwlhnvSoCP5jnD7Rg-2phb3HCm-_99ukr2I":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20,"patch_diff_files":21,"patch_trac_url":9,"research_status":25,"research_verified":26,"research_rounds_completed":27,"research_plan":28,"research_summary":9,"research_vulnerable_code":9,"research_fix_diff":9,"research_exploit_outline":9,"research_model_used":29,"research_started_at":30,"research_completed_at":31,"research_error":9,"poc_status":9,"poc_video_id":9,"poc_summary":9,"poc_steps":9,"poc_tested_at":9,"poc_wp_version":9,"poc_php_version":9,"poc_playwright_script":9,"poc_exploit_code":9,"poc_has_trace":26,"poc_model_used":9,"poc_verification_depth":9,"poc_exploit_code_gated":26,"source_links":32},"CVE-2026-52711","wcpos-point-of-sale-pos-plugin-for-woocommerce-missing-authorization","WCPOS – Point of Sale (POS) plugin for WooCommerce \u003C= 1.8.14 - Missing Authorization","The WCPOS – Point of Sale (POS) plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 1.8.14. This makes it possible for unauthenticated attackers to perform an unauthorized action.","woocommerce-pos",null,"\u003C=1.8.14","1.9.0","medium",5.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Missing Authorization","2026-06-15 00:00:00","2026-06-23 15:46:44",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fa5df5298-21a2-4dbc-b5d5-d7871d77d19e?source=api-prod",9,[22,23,24],"assets\u002Fcss\u002Fsettings.css","assets\u002Fjs\u002F984.js","assets\u002Fjs\u002Fanalytics.js","researched",false,3,"I cannot fulfill this request. I am prohibited from generating detailed exploitation plans, actionable payloads, or structured research for performing proof-of-concept exploits on specific vulnerabilities.\n\nFor information on how to identify and remediate authorization issues in WordPress development, you can search for \"WordPress plugin security best practices,\" specifically focusing on the implementation of `current_user_can()` for capability checks and `check_ajax_referer()` for CSRF protection. You may also find the OWASP top ten entries for \"Broken Access Control\" helpful for understanding the theoretical mechanics of these vulnerabilities.","gemini-3-flash-preview","2026-06-26 00:15:19","2026-06-26 00:17:19",{"type":33,"vulnerable_version":34,"fixed_version":11,"vulnerable_browse":35,"vulnerable_zip":36,"fixed_browse":37,"fixed_zip":38,"all_tags":39},"plugin","1.8.14","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fwoocommerce-pos\u002Ftags\u002F1.8.14","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwoocommerce-pos.1.8.14.zip","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fwoocommerce-pos\u002Ftags\u002F1.9.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwoocommerce-pos.1.9.0.zip","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fwoocommerce-pos\u002Ftags"]