Cross-Site Request Forgery Vulnerability in Barcode Scanner with Inventory & Order Manager by UKR Solution
CVE-2026-42645

4.3MEDIUM

Key Information:

Vendor: WordPress
Status: Barcode Scanner With Inventory & Order Manager
Vendor: CVE Published:; 29 April 2026

What is CVE-2026-42645?

The Barcode Scanner with Inventory & Order Manager, developed by UKR Solution, is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability. This flaw enables an attacker to trick a user into executing unwanted actions on a web application in which they are authenticated. Versions of the plugin up to and including 1.11.0 are affected, leaving users exposed to potential unauthorized activities that may compromise their inventory management processes.

Affected Version(s)

Barcode Scanner with Inventory & Order Manager 0 <= 1.11.0

References

https://patchstack.com/database/Wordpress/Plugin/barcode-...

vdb-entry

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 29, 2026
Vulnerability Reserved
Apr 29, 2026

Credit

Legion Hunter | Patchstack Bug Bounty Program

CVE-2026-42645 Data

JSON

WordPress

What is CVE-2026-42645?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit