Verified purchaser
I'm having problems with this plugin
I installed Vitepos as part of my WooCommerce/POS setup, but my security scanner (Malcare- also purchased on appsumo) has now flagged a file inside the Vitepos plugin directory as infected:
/wp-content/plugins/vitepos/vitepos/helper/plugin-helper.php
The detection was reported on June 10, 2026. Because this file is located directly inside the Vitepos plugin folder, I had to treat it as a serious WordPress security incident. I deactivated the plugin, began scanning the full site, and now have to verify whether this was a compromised plugin file, a vulnerability-related issue, or some other form of infection.
This is especially concerning because a POS plugin is not a small add-on. It sits close to WooCommerce operations, store data, transactions, and customer trust. A plugin used for sales and checkout operations has to meet a very high security standard.
At this point, I cannot continue using Vitepos until the issue is fully resolved and the site scans clean. I would strongly recommend that the developer investigate this file path, confirm whether the current release is clean, explain what may have triggered the infection warning, and provide clear remediation steps for affected users.
The plugin may have useful functionality, but security has to come first. Right now, this experience has made me pause deployment and reconsider whether Vitepos is safe enough for a live business environment.
Alin_Vitepos
Jun 11, 2026We are sorry to hear that you faced this issue.
You mentioned that you reported it on June 10, 2026. Could you kindly confirm on which platform you submitted the report? We have checked our support system, WhatsApp chat, Messenger chat, and email records, but we could not find your report. It’s fine that you discovered the issue, but if you had shared it through our official support channels or ticket system, we would have been able to explain the reason more clearly.
Now, coming to the main point: the plugin-helper.php file is simply a normal PHP file. It does not contain any sensitive or critical data. We can give you 100% assurance that this file will not cause any security problems for your site, either now or in the future.
We are not sure why your Malcare security scanner flagged this normal PHP file as a threat. Our developers have confirmed that there is no security issue in this file. You can continue using our plugin safely, and we recommend configuring your security plugin to ignore this file so that it is not mistakenly detected as a security risk.
We hope this explanation helps, and we kindly request you to reconsider the review you provided based on this misunderstanding.
Thank you for your understanding and cooperation.