Impact
This vulnerability is an unauthenticated broken access control flaw in the WordPress POS Entegratör plugin, version 3.7.103 and earlier. An attacker can exploit the lack of proper authorization checks to gain administrative privileges within the plugin interface, potentially allowing them to modify, delete, or create transactions, alter inventory data, or compromise sensitive business information. The weakness is classified as CWE-862 (Missing Authorization), reflecting insufficient access control enforcement.
Affected Systems
The Gurmehub POS Entegratör plugin for WordPress is affected. Versions up to and including 3.7.103 are vulnerable; any site using these plugin versions is at risk.
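To check whether a site falls in the affected range, the following added example (not part of the advisory or the plugin's own code) reads the plugin headers under a `wp-content/plugins` directory and flags versions at or below 3.7.103. The `NAME_HINT` match string and the sample header are assumptions; adjust the hint to the header of the plugin as actually installed.

```python
import re
import sys
from pathlib import Path

LAST_VULNERABLE = (3, 7, 103)  # advisory: versions up to and including 3.7.103
NAME_HINT = "pos entegrat"     # assumption: substring of the plugin's "Plugin Name" header
# WordPress plugin headers are "Key: value" lines inside the main file's top comment.
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t\r]*$", re.I | re.M)
# Constructed sample header for the demo below (not taken from the real plugin).
SAMPLE = "<?php\n/**\n * Plugin Name: POS Entegratör\n * Version: 3.7.103\n */\n"

def parse_plugin_header(php_source):
    """Return {'plugin name': ..., 'version': ...}; only the first 8 KB is considered."""
    fields = {}
    for key, value in HEADER_RE.findall(php_source[:8192]):
        fields.setdefault(key.lower(), value)
    return fields

def version_tuple(version):
    """'3.7.103' -> (3, 7, 103); suffixes such as '-beta' are ignored, unparseable -> ()."""
    m = re.match(r"\d+(?:\.\d+)*", version.strip())
    return tuple(int(p) for p in m.group().split(".")) if m else ()

def is_vulnerable(version):
    """True if version <= 3.7.103. Unparseable versions are flagged for manual review."""
    v = version_tuple(version)
    width = max(len(v), len(LAST_VULNERABLE))
    pad = lambda t: t + (0,) * (width - len(t))
    return pad(v) <= pad(LAST_VULNERABLE)

def audit_plugins(plugins_dir):
    """Scan <plugins_dir>/*/*.php; return (folder, version, vulnerable) per matching plugin."""
    findings = []
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        header = parse_plugin_header(php.read_text(encoding="utf-8", errors="replace"))
        name, version = header.get("plugin name", ""), header.get("version", "")
        if NAME_HINT in name.lower():
            findings.append((php.parent.name, version, is_vulnerable(version)))
    return findings

if __name__ == "__main__":
    if len(sys.argv) > 1:  # argument: path to wp-content/plugins
        for folder, version, vuln in audit_plugins(sys.argv[1]):
            print(f"{folder}: {version or 'unknown'} -> {'AFFECTED' if vuln else 'outside affected range'}")
    else:
        print(parse_plugin_header(SAMPLE))
```

A result of "outside affected range" only means the version is above 3.7.103; the advisory text here does not name a fixed release.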
Risk and Exploitability
The flaw has a CVSS score of 8.2, indicating high severity. No EPSS score is available, so it is unclear how frequently the flaw is targeted, but its presence in the knowledge base suggests it could be leveraged by attackers. The vulnerability is not currently listed in the CISA KEV catalog, but because it is unauthenticated, anyone with network access to the WordPress installation can potentially exploit it. Attackers would need only to send crafted requests to the vulnerable plugin endpoints; no special privileges or prior authentication are required.