Impact
The vulnerability is an unauthenticated broken access control flaw in WordPress WooCommerce POS plugin versions 1.8.14 and earlier. It allows an attacker to execute actions that are normally restricted to authenticated users, effectively elevating privileges.
Affected Systems
All installations of the kilbot WooCommerce POS plugin running version 1.8.14 or lower are vulnerable. Sites that have not applied the upgrade to 1.9.0 or later run the risk if the plugin is enabled and web access to its administrative interfaces is not properly restricted.
Risk and Exploitability
The CVSS score of 7.5 indicates a high severity issue, while the EPSS score of less than 1% suggests a low likelihood of exploitation at present, and it is not listed in CISA’s KEV catalog. The likely attack vector is a web‑based request to the plugin’s endpoints, exploiting its lack of authentication checks, which could grant an attacker administrative privileges without credentials.
OpenCVE Enrichment