What is the severity of CVE-2025-22723?

CVE-2025-22723 is considered a critical vulnerability due to the unrestricted upload of dangerous file types.

What versions of the software are affected by CVE-2025-22723?

CVE-2025-22723 affects versions of the software from n/a up to 1.6.7.

What type of vulnerability is CVE-2025-22723?

CVE-2025-22723 is an unrestricted file upload vulnerability that can allow the upload of web shells.

What are the potential risks associated with CVE-2025-22723?

The risks associated with CVE-2025-22723 include unauthorized access to the server and potential compromise of sensitive data.

Vulnerability/
CVE-2025-22723

critical

9.1

CWE

434

EPSS

0.043%

21/1/2025

12/2/2025

CVE-2025-22723: WordPress Barcode Scanner and Inventory manager plugin <= 1.6.7 - Arbitrary File Upload vulnerability

Q: How do I fix CVE-2025-22723?

To fix CVE-2025-22723, update UkrSolution Barcode Scanner with Inventory & Order Manager to version 1.6.8 or later.

First published: Tue Jan 21 2025(Updated: )

Unrestricted Upload of File with Dangerous Type vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager allows Upload a Web Shell to a Web Server. This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.6.7.

Credit: audit@patchstack.com

Affected Software	Affected Version	How to fix
UkrSolution Barcode Scanner and Inventory Manager WordPress	>=n/a<=1.6.7
WordPress Qr Code and Barcode Scanner Reader	<=1.6.7

Remedy

Update the WordPress Barcode Scanner with Inventory & Order Manager wordpress plugin to the latest available version (at least 1.7.0).

Never miss a vulnerability like this again

Reference Links

https://patchstack.com/database/wordpress/plugin/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/vulnerability/wordpress-barcode-scanner-and-inventory-manager-plugin-1-6-7-arbitrary-file-upload-vulnerability?_s_id=cve

Frequently Asked Questions

What is the severity of CVE-2025-22723?
CVE-2025-22723 is considered a critical vulnerability due to the unrestricted upload of dangerous file types.
How do I fix CVE-2025-22723?
To fix CVE-2025-22723, update UkrSolution Barcode Scanner with Inventory & Order Manager to version 1.6.8 or later.
What versions of the software are affected by CVE-2025-22723?
CVE-2025-22723 affects versions of the software from n/a up to 1.6.7.
What type of vulnerability is CVE-2025-22723?
CVE-2025-22723 is an unrestricted file upload vulnerability that can allow the upload of web shells.
What are the potential risks associated with CVE-2025-22723?
The risks associated with CVE-2025-22723 include unauthorized access to the server and potential compromise of sensitive data.

agent/remedy
agent/title
agent/references
agent/weakness
agent/description
agent/first-publish-date
agent/type
collector/nvd-api
source/NVD
agent/severity
agent/author
agent/event
agent/source
agent/softwarecombine
agent/tags
collector/epss-latest
source/FIRST
agent/epss
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/ukrsolution
canonical/ukrsolution barcode scanner and inventory manager wordpress
vendor/wordpress
canonical/wordpress qr code and barcode scanner reader

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.