What the vulnerability does
01Description
Missing Authorization vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through <= 1.5.3.
Explanation of Vulnerability in Simple Terms
02Summary
The Barcode Scanner with Inventory & Order Manager plugin fails to properly check user permissions before allowing access to sensitive functions. An attacker can trick a site user into visiting a malicious link, which then performs unauthorized actions on the site. The vulnerability affects all versions up to 1.5.3 and impacts confidentiality, integrity, and availability of the site.
What an attacker can do
03Attacker Capabilities
Perform unauthorized actions on the site by tricking a user into clicking a malicious link.
Potential impact on your site
04Site Impact
Unauthorized changes to inventory, orders, or other plugin data; potential data exposure or site disruption.
Conditions required to exploit
05Prerequisites
The attacker must trick a site user into visiting a malicious link or page (user interaction required).
Key dates
06Disclosure timeline
August 31, 2025
CVE published
April 28, 2026
Record updated