CVE-2025-58972 HIGH

CVE-2025-58972: WordPress Barcode Scanner with Inventory & Order Manager plugin <= 1.10.4 - Path Traversal vulnerability

Vendor Dmitry V. (CEO of "UKR Solution")
Product Barcode Scanner with Inventory & Order Manager
Weakness CWE-35
Published November 6, 2025
Last update April 28, 2026

CVSS base score

7.2/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High
Availability High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

Path Traversal: '.../...//' vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Scanner with Inventory & Order Manager (barcode-scanner-lite-pos-to-manage-products-inventory-and-orders) allows Path Traversal. This issue affects Barcode Scanner with Inventory & Order Manager: all versions up to and including 1.10.4.
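The weakness class named above (CWE-35) in general form, as an added example that is not the plugin's code: a single pass of str_replace() over '.../...//' leaves '../' behind, while a check that canonicalises the path and requires it to stay under the base directory rejects it. The function names, directory layout and file names are hypothetical and constructed for the demonstration.

```php
<?php
// Added illustration of CWE-35; hypothetical names, not the plugin's code.

// Weak filter: removes "../" in a single left-to-right pass.
function naive_strip(string $name): string
{
    return str_replace('../', '', $name);
}

// Hardened check: canonicalise first, then require containment in $baseDir.
function resolve_inside(string $baseDir, string $name): ?string
{
    $base = realpath($baseDir);
    if ($base === false || strpos($name, "\0") !== false) {
        return null; // unusable base directory or embedded NUL byte
    }
    $target = realpath($base . DIRECTORY_SEPARATOR . $name);
    if ($target === false) {
        return null; // path does not resolve to an existing file
    }
    // Compare against the base plus a trailing separator so that a sibling
    // such as "exports_old" cannot pass as being inside "exports".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($target, $prefix, strlen($prefix)) === 0 ? $target : null;
}

// Constructed sample layout: one file inside the base, one outside it.
$root = sys_get_temp_dir() . '/cwe35_demo_' . getmypid();
mkdir($root . '/exports', 0700, true);
file_put_contents($root . '/exports/report.csv', "sku,qty\n");
file_put_contents($root . '/secret.txt', "outside base\n");

$input    = '.../...//secret.txt';   // the sequence from the CVE description
$filtered = naive_strip($input);     // what the weak filter hands onward

echo "filtered input:  ", $filtered, PHP_EOL;
echo "weak filter resolves to: ";
var_dump(realpath($root . '/exports/' . $filtered));
echo "hardened check, filtered input: ";
var_dump(resolve_inside($root . '/exports', $filtered));
echo "hardened check, report.csv: ";
var_dump(resolve_inside($root . '/exports', 'report.csv'));

// Remove the constructed files.
unlink($root . '/exports/report.csv');
unlink($root . '/secret.txt');
rmdir($root . '/exports');
rmdir($root);
```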

Explanation of Vulnerability in Simple Terms

02 Summary

Barcode Scanner with Inventory & Order Manager versions 1.10.4 and earlier contain a vulnerability allowing authenticated administrators to read sensitive data, modify records, and disrupt service. The flaw requires high-level privileges and network access but does not require user interaction. Affected installations should update immediately.

What an attacker can do

03 Attacker Capabilities

An authenticated admin can read sensitive data, modify records, and disrupt service availability.

Potential impact on your site

04 Site Impact

Admins with compromised credentials can access confidential inventory data, alter orders, and cause downtime.

Conditions required to exploit

05 Prerequisites

Attacker must have administrator-level credentials and network access to the application.

Key dates

06 Disclosure timeline

November 6, 2025 CVE published
April 28, 2026 Record updated