cleantalk
Vulnerabilities and Security Researches

Oliver POS – A WooCommerce Point of Sale (POS), CVE-2024-0702

CVE, Research URL

CVE-2024-0702

Home page URL

Security reports for Oliver POS – A WooCommerce Point of Sale (POS)

Application

Oliver POS – A WooCommerce Point of Sale (POS)

Published on
Feb 29, 2024
Research Description
The Oliver POS – A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions hooked via AJAX in the includes/class-pos-bridge-install.php file in all versions up to, and including, 2.4.1.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several unauthorized actions like deactivating the plugin, disconnecting the subscription, syncing the status and more.
Affected versions
max 2.4.2.1.
Status
vulnerable
Previous vulnerability researches
Oliver POS – A WooCommerce Point of Sale (POS) (CVE-2026-6072) , May 23, 2026
Oliver POS – A WooCommerce Point of Sale (POS) (CVE-2024-1954) , Jun 07, 2024
Oliver POS – A WooCommerce Point of Sale (POS) (CVE-2024-0702) , Jun 07, 2024
Oliver POS – A WooCommerce Point of Sale (POS) (CVE-2024-13513) , Feb 16, 2025
New vulnerability
Email Marketing, Newsletter, Email Automation and CRM Plugin for WordPress by FluentCRM (CVE-2026-7798) , May 23, 2026
WP Directory Kit (CVE-2026-42672) , May 23, 2026
診断ジェネレータ作成プラグイン (CVE-2026-5293) , May 23, 2026
MyCryptoCheckout – Bitcoin, Ethereum, and 100+ altcoins for WooCommerce (CVE-2026-45209) , May 23, 2026
SponsorMe (CVE-2026-8626) , May 23, 2026