vulnerability
WordPress Plugin: barcode-scanner-lite-pos-to-manage-products-inventory-and-orders: CVE-2024-33567: Improper Privilege Management
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 10 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | Apr 25, 2024 | May 15, 2025 | May 4, 2026 |
Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
Apr 25, 2024
Added
May 15, 2025
Modified
May 4, 2026
Description
The Barcode Scanner and Inventory manager. POS (Point of Sale) – scan barcodes and create orders with barcode reader. plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.5.3. This is due to the plugin not properly restricting user meta values that can be updated. This makes it possible for unauthenticated attackers to elevate their privileges to an administrator.
Solution
barcode-scanner-lite-pos-to-manage-products-inventory-and-orders-plugin-cve-2024-33567
References
- https://www.cve.org/CVERecord?id=CVE-2024-33567
- https://www.wordfence.com/threat-intel/vulnerabilities/id/dffaf909-72f5-466f-8dd0-d46a81402caf?source=api-prod
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2024-31304
- CVE-2024-33567
- https://attackerkb.com/topics/CVE-2024-33567
- CWE-269
- EUVD-EUVD-2024-31304
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.