VORP Inventory Item Exploit - from 01.07.2024

client.lua

TriggerServerEvent('syn_weapons:buyammo', 'water', 0, 1, 'Water')
TriggerServerEvent('syn_weapons:buyammo', 'water', 0, 1, 'Water')
TriggerServerEvent('syn_weapons:buyammo', 'water', 0, 1, 'Water')
TriggerServerEvent('syn_weapons:buyammo', 'water', 0, 1, 'Water')
TriggerServerEvent('syn_weapons:buyammo', 'water', 0, 1, 'Water')
TriggerServerEvent('syn_weapons:buyammo', 'water', 0, 1, 'Water')
TriggerServerEvent('syn_weapons:buyammo', 'water', 0, 1, 'Water')

-- Be careful, or you might flood your script with water

Partly it was fixed from next commit: VORPCORE/vorp_weaponsv2@e0676b0
But you can still exploit it by passing needed parameters from client to server like item price and ped coordinates. As the result you can buy any item just for $1 each.

TriggerServerEvent('syn_weapons:buyammo', {price=1, item='water'}, 'Water', {Pos=GetEntityCoords(PlayerPedId())}, 1, 'Stepping on the same rake over and over again.')

It's finally fixed

VORPCORE/vorp_weaponsv2@3e1c909

It's interesting how the maintainer first decided to ignore the issue when it was mentioned in this thread:
here

Only after yesterday's drama on CFX discord something started is going on here.