Description
Unauthenticated Broken Access Control in POS Entegratör <= 3.7.103 versions.
Published: 2026-07-02
Score: 8.2 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability is an unauthenticated broken access control flaw in the WordPress POS Entegratör plugin, versions 3.7.103 and earlier. An attacker can exploit the lack of proper authorization checks to gain administrative privileges within the plugin interface, potentially allowing them to modify, delete, or create transactions, alter inventory data, or compromise sensitive business information. The weakness is classified as CWE-862, reflecting insufficient access control enforcement.

Affected Systems

The Gurmehub POS Entegratör plugin for WordPress is affected. Versions up to and including 3.7.103 are vulnerable; any site using these plugin versions is at risk.

Risk and Exploitability

The flaw has a CVSS score of 8.2, indicating high severity. The EPSS score is not available, making it unclear how frequently it is targeted, but its presence in the knowledge base suggests it could be leveraged by attackers. The vulnerability is not currently listed in the CISA KEV catalog, but its unauthenticated nature means that anyone with network access to the WordPress installation can potentially exploit it. Attackers would need only to send crafted requests to the vulnerable plugin endpoints; no special privileges or prior authentication are required.

Generated by OpenCVE AI on July 2, 2026 at 15:09 UTC.

Remediation

Vendor Solution

Update the WordPress POS Entegratör Plugin to the latest available version (at least 3.8.0).


OpenCVE Recommended Actions

  • Apply the latest plugin version (3.8.0 or newer).
  • Restrict access to the POS Entegratör administrative pages to users with appropriate roles, such as administrators.
  • If an immediate update is not possible, disable or delete the plugin until a patched version is available.

Generated by OpenCVE AI on July 2, 2026 at 15:09 UTC.

Advisories

No advisories yet.

History

Thu, 02 Jul 2026 11:30:00 +0000

Type | Values Removed | Values Added
Description | | Unauthenticated Broken Access Control in POS Entegratör <= 3.7.103 versions.
Title | | WordPress POS Entegratör plugin <= 3.7.103 - Broken Access Control vulnerability
Weaknesses | | CWE-862
References | |
Metrics | | cvssV3_1: {'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-07-02T11:27:23.907Z

Reserved: 2026-06-25T08:03:50.157Z

Link: CVE-2026-57688

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-02T15:15:03Z

Weaknesses