CVE-2024-0702
Oliver POS – A WooCommerce Point of Sale (POS) <= 2.4.2.1 - Missing Authorization
CVSS Score
7.3
EPSS Score
0.0%
EPSS Percentile
0th
The Oliver POS – A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions hooked via AJAX in the includes/class-pos-bridge-install.php file in all versions up to, and including, 2.4.2.1 This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several unauthorized actions like deactivating the plugin, disconnecting the subscription, syncing the status and more.
| CWE | CWE-862 |
| Vendor | oliverpos |
| Product | oliver pos – a woocommerce point of sale (pos) |
| Published | Feb 20, 2024 |
| Last Updated | Apr 8, 2026 |
Stay Ahead of the Next One
Get instant alerts for oliverpos oliver pos – a woocommerce point of sale (pos)
Be the first to know when new high vulnerabilities affecting oliverpos oliver pos – a woocommerce point of sale (pos) are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
oliverpos / Oliver POS – A WooCommerce Point of Sale (POS)
0 ≤ 2.4.2.0
References
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/b5c6f351-477b-4384-9863-fe3b45ddf21d?source=cve plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/oliver-pos/trunk/includes/class-pos-bridge-install.php#L11 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3038694%40oliver-pos&new=3038694%40oliver-pos&sfp_email=&sfph_mail=
Credits
Francesco Carlucci