cleantalk
Vulnerabilities and Security Researches

WooCommerce POS, CVE-2024-2384

CVE, Research URL

CVE-2024-2384

Home page URL

Security reports for WooCommerce POS

Application

WooCommerce POS

Published on
Mar 20, 2024
Research Description
The WooCommerce POS plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.4.11. This is due to the plugin not properly verifying the authentication and authorization of the current user This makes it possible for authenticated attackers, with customer-level access and above, to view potentially sensitive information about other users by leveraging their order id
Affected versions
Min -, max 1.4.12.
Status
vulnerable
Previous vulnerability researches
WooCommerce POS (CVE-2025-48117) , May 18, 2025
WooCommerce POS (CVE-2024-2384) , Jun 06, 2024
New vulnerability
Bold Page Builder (CVE-2025-3715) , May 18, 2025
Wise Chat (CVE-2024-13613) , May 18, 2025
WP Booking Calendar (CVE-2025-4669) , May 18, 2025
WooCommerce POS (CVE-2025-48117) , May 18, 2025
BERTHA AI. Your AI co-pilot for WordPress and Chrome (CVE-2025-48138) , May 18, 2025