Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total4
Critical1
High1
Medium2
Reset
Showing 1-4 of 4 records
Threat Entry Updated 2026-05-20

CVE-2026-6072 - Oliver Pos Plugin

The Oliver POS – A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 2.4.2.6. The plugin protects its entire /wp-json/pos-bridge/* REST API namespace through the oliver_pos_rest_authentication() permission callback, which uses a loose PHP comparison (==) to compare the attacker-supplied 'OliverAuth' header value against the 'oliver_pos_authorization_token' option. On fresh installations where the admin has not yet completed the connection flow, this option is unset (get_option returns false). Due to PHP's type juggling, the loose comparison '0'…

PLUGIN Oliver Pos

CVE-2026-6072

MEDIUM CVSS 6.5 2026-05-20
Open Full Technical Breakdown
Threat Entry Updated 2025-02-25

CVE-2024-13513 - Oliver Pos Plugin

The Oliver POS – A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.2.3 via the logging functionality. This makes it possible for unauthenticated attackers to extract sensitive data including the plugin's clientToken, which in turn can be used to change user account information including emails and account type. This allows attackers to then change account passwords resulting in a complete site takeover. Version 2.4.2.3 disabled logging but left sites with existing log files vulnerable.

PLUGIN Oliver Pos

CVE-2024-13513

CRITICAL CVSS 9.8 2025-02-15
Open Full Technical Breakdown
Threat Entry Updated 2025-03-04

CVE-2024-0702 - Oliver Pos Plugin

The Oliver POS – A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions hooked via AJAX in the includes/class-pos-bridge-install.php file in all versions up to, and including, 2.4.1.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several unauthorized actions like deactivating the plugin, disconnecting the subscription, syncing the status and more.

PLUGIN Oliver Pos

CVE-2024-0702

HIGH CVSS 7.3 2024-02-29
Open Full Technical Breakdown
Threat Entry Updated 2025-03-04

CVE-2024-1954 - Oliver Pos Plugin

The Oliver POS – A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.1.8. This is due to missing or incorrect nonce validation in the includes/class-pos-bridge-install.php file. This makes it possible for unauthenticated attackers to perform several unauthorized actions like deactivating the plugin, disconnecting the subscription, syncing the status and more via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Oliver Pos

CVE-2024-1954

MEDIUM CVSS 6.3 2024-02-28
Open Full Technical Breakdown
Scroll to top