Description
Path Traversal: '.../...//' vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders allows Path Traversal. This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through <= 1.10.4.
Published: 2025-11-06
Score: 7.2 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A path traversal flaw exists in the Barcode Scanner with Inventory & Order Manager WordPress plugin that allows an attacker to navigate beyond intended directory boundaries. By manipulating URL parameters, malicious input can lead to reading sensitive files, consistent with CWE‑35.

Affected Systems

The vulnerability affects the Barcode Scanner with Inventory & Order Manager plugin for WordPress, distributed by Dmitry V. (CEO of "UKR Solution"). All released versions up to and including 1.10.4 are susceptible, meaning any WordPress site running these versions is at risk.

Risk and Exploitability

The CVSS score of 7.2 classifies this issue as high severity, while the very low EPSS score (< 1 %) and absence from the KEV catalog indicate exploitation is unlikely at present. Nonetheless, the flaw can be triggered remotely via crafted web requests, potentially exposing confidential files if the server misconfigures file handling.

Generated by OpenCVE AI on April 29, 2026 at 16:15 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Barcode Scanner with Inventory & Order Manager plugin to a version newer than 1.10.4, preferably the latest release.
  • If an update is not immediately available, harden the server by removing unnecessary file‑upload or file‑access capabilities and ensuring that all file path inputs are validated and constrained to approved directories.
  • Continuously monitor web server logs for abnormal requests that attempt to access protected paths and implement rate‑limiting or intrusion‑prevention controls to detect and block such attempts.

Advisories

No advisories yet.

History

Tue, 20 Jan 2026 15:30:00 +0000


Tue, 20 Jan 2026 14:45:00 +0000


Mon, 17 Nov 2025 17:15:00 +0000

Type: Metrics
Values Removed: (none)
Values Added:
  cvssV3_1: {'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}
  ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 13 Nov 2025 11:30:00 +0000


Thu, 13 Nov 2025 10:45:00 +0000


Thu, 06 Nov 2025 20:45:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added:
  Barcode Scanner
  Barcode Scanner barcode Scanner With Inventory & Order Manager
  Wordpress
  Wordpress wordpress

Type: Vendors & Products
Values Removed: (none)
Values Added:
  Barcode Scanner
  Barcode Scanner barcode Scanner With Inventory & Order Manager
  Wordpress
  Wordpress wordpress

Thu, 06 Nov 2025 16:00:00 +0000

Type: Description
Values Removed: (none)
Values Added: Path Traversal: '.../...//' vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders allows Path Traversal. This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through <= 1.10.4.

Type: Title
Values Removed: (none)
Values Added: WordPress Barcode Scanner with Inventory & Order Manager plugin <= 1.10.4 - Path Traversal vulnerability

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-35

Type: References

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T20:17:00.605Z

Reserved: 2025-09-06T04:45:10.579Z

Link: CVE-2025-58972

Vulnrichment

Updated: 2025-11-17T16:20:16.037Z

NVD

Status: Deferred

Published: 2025-11-06T16:16:00.320

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-58972

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-29T16:30:15Z

Weaknesses
  • CWE-35

    Path Traversal: '.../...//'