cleantalk
Vulnerabilities and Security Researches

Oliver POS – A WooCommerce Point of Sale (POS), CVE-2024-1954

CVE, Research URL

CVE-2024-1954

Home page URL

Security reports for Oliver POS – A WooCommerce Point of Sale (POS)

Application

Oliver POS – A WooCommerce Point of Sale (POS)

Published on
Feb 28, 2024
Research Description
The Oliver POS – A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.1.8. This is due to missing or incorrect nonce validation in the includes/class-pos-bridge-install.php file. This makes it possible for unauthenticated attackers to perform several unauthorized actions like deactivating the plugin, disconnecting the subscription, syncing the status and more via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
max 2.4.1.9.
Status
vulnerable
Previous vulnerability researches
Oliver POS – A WooCommerce Point of Sale (POS) (CVE-2026-6072) , May 23, 2026
Oliver POS – A WooCommerce Point of Sale (POS) (CVE-2024-1954) , Jun 07, 2024
Oliver POS – A WooCommerce Point of Sale (POS) (CVE-2024-0702) , Jun 07, 2024
Oliver POS – A WooCommerce Point of Sale (POS) (CVE-2024-13513) , Feb 16, 2025
New vulnerability
Email Marketing, Newsletter, Email Automation and CRM Plugin for WordPress by FluentCRM (CVE-2026-7798) , May 23, 2026
WP Directory Kit (CVE-2026-42672) , May 23, 2026
診断ジェネレータ作成プラグイン (CVE-2026-5293) , May 23, 2026
MyCryptoCheckout – Bitcoin, Ethereum, and 100+ altcoins for WooCommerce (CVE-2026-45209) , May 23, 2026
SponsorMe (CVE-2026-8626) , May 23, 2026