Vulnerabilities and security researches forwoocommerce-pos woocommerce-pos

Jun 06, 2024

CVE, Research URL: CVE-2024-2384
Home page URL: Security reports for WooCommerce POS
Application: WooCommerce POS
Date: Mar 20, 2024
Research Description: The WooCommerce POS plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.4.11. This is due to the plugin not properly verifying the authentication and authorization of the current user This makes it possible for authenticated attackers, with customer-level access and above, to view potentially sensitive information about other users by leveraging their order id
Affected versions: Min -, max -.
Status: vulnerable

May 18, 2025

CVE, Research URL: CVE-2025-48117
Home page URL: Security reports for WooCommerce POS
Application: WooCommerce POS
Date: May 16, 2025
Research Description: Missing Authorization vulnerability in kilbot WooCommerce POS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce POS: from n/a through 1.7.8.
Affected versions: Min -, max -.
Status: vulnerable