cleantalk
Vulnerabilities and Security Researches

Oliver POS – A WooCommerce Point of Sale (POS), CVE-2024-13513

CVE, Research URL

CVE-2024-13513

Home page URL

Security reports for Oliver POS – A WooCommerce Point of Sale (POS)

Application

Oliver POS – A WooCommerce Point of Sale (POS)

Published on
Feb 15, 2025
Research Description
The Oliver POS – A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.2.3 via the logging functionality. This makes it possible for unauthenticated attackers to extract sensitive data including the plugin's clientToken, which in turn can be used to change user account information including emails and account type. This allows attackers to then change account passwords resulting in a complete site takeover. Version 2.4.2.3 disabled logging but left sites with existing log files vulnerable.
Affected versions
max 2.4.2.4.
Status
vulnerable
Previous vulnerability researches
Oliver POS – A WooCommerce Point of Sale (POS) (CVE-2026-6072) , May 23, 2026
Oliver POS – A WooCommerce Point of Sale (POS) (CVE-2024-1954) , Jun 07, 2024
Oliver POS – A WooCommerce Point of Sale (POS) (CVE-2024-0702) , Jun 07, 2024
Oliver POS – A WooCommerce Point of Sale (POS) (CVE-2024-13513) , Feb 16, 2025
New vulnerability
Email Marketing, Newsletter, Email Automation and CRM Plugin for WordPress by FluentCRM (CVE-2026-7798) , May 23, 2026
WP Directory Kit (CVE-2026-42672) , May 23, 2026
診断ジェネレータ作成プラグイン (CVE-2026-5293) , May 23, 2026
MyCryptoCheckout – Bitcoin, Ethereum, and 100+ altcoins for WooCommerce (CVE-2026-45209) , May 23, 2026
SponsorMe (CVE-2026-8626) , May 23, 2026