VYPR

Oliver Pos

by Oliverpos

CVEs (4)

  • CVE-2024-0702HigFeb 29, 2024
    risk 0.47cvss 7.3epss 0.01

    The Oliver POS – A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions hooked via AJAX in the includes/class-pos-bridge-install.php file in all versions up to, and including, 2.4.2.1…

  • CVE-2026-6072MedMay 20, 2026
    risk 0.42cvss 6.5epss 0.00

    The Oliver POS – A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 2.4.2.6. The plugin protects its entire /wp-json/pos-bridge/* REST API namespace through the…

  • CVE-2024-1954MedFeb 28, 2024
    risk 0.41cvss 6.3epss 0.00

    The Oliver POS – A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.1.8. This is due to missing or incorrect nonce validation in the includes/class-pos-bridge-install.php file. This makes…

  • CVE-2024-13513Feb 15, 2025
    risk 0.00cvss epss 0.01

    The Oliver POS – A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.2.3 via the logging functionality. This makes it possible for unauthenticated attackers to extract sensitive data…