CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

30 matches found

RedhatCVE•added 2026/06/05 7:32 p.m.•7 views

CVE-2026-6072

The Oliver POS – A WooCommerce Point of Sale POS plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 2.4.2.6. The plugin protects its entire /wp-json/pos-bridge/ REST API namespace through the oliverposrestauthentication...

6.5CVSS5.4AI score0.00475EPSS

Exploits0References1

Patchstack•added 2026/05/25 7:27 a.m.•8 views

WordPress Oliver POS plugin < 4.5.4 - Other Vulnerability Type vulnerability

Other Vulnerability Type vulnerability discovered by Hunter Jensen skid in WordPress Plugin Oliver POS versions 4.5.4...

6.5CVSS5.8AI score0.00475EPSS

Exploits0References1Affected Software1

NVD•added 2026/05/20 2:16 a.m.•15 views

CVE-2026-6072

6.5CVSS0.00475EPSS

Exploits0References11

Vulnrichment•added 2026/05/20 1:25 a.m.•9 views

CVE-2026-6072 Oliver POS <= 2.4.2.6 - Unauthenticated Authorization Bypass Through User-Controlled Key to 'OliverAuth' Header

6.5CVSS5.7AI score0.00475EPSS

Exploits0References11

Cvelist•added 2026/05/20 1:25 a.m.•37 views

CVE-2026-6072 Oliver POS <= 2.4.2.6 - Unauthenticated Authorization Bypass Through User-Controlled Key to 'OliverAuth' Header

6.5CVSS0.00475EPSS

Exploits0References11

ATTACKERKB•added 2026/05/20 1:25 a.m.•5 views

CVE-2026-6072

6.5CVSS5.7AI score0.00475EPSS

Exploits0References12

CVE•added 2026/05/20 1:25 a.m.•17 views

CVE-2026-6072

The Oliver POS plugin for WordPress (WooCommerce integration) is affected up to version 2.4.2.6 by an Authorization Bypass in the /wp-json/pos-bridge/* API. The issue arises from a loose PHP comparison in oliver_pos_rest_authentication() that compares the attacker-supplied OliverAuth header to th...

6.5CVSS5.7AI score0.00475EPSS

Exploits0References11

EUVD•added 2026/05/20 1:25 a.m.•8 views

EUVD-2026-31036

6.5CVSS5.7AI score0.00475EPSS

Exploits0References11

Positive Technologies•added 2026/05/20 12:0 a.m.•15 views

PT-2026-42058

6.5CVSS5.7AI score0.00475EPSS

Exploits0References12

CNNVD•added 2026/05/20 12:0 a.m.•8 views

WordPress plugin Oliver POS 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

6.5CVSS5.8AI score0.00475EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 9:41 a.m.•5 views

CVE-2024-1954

The Oliver POS – A WooCommerce Point of Sale POS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.1.8. This is due to missing or incorrect nonce validation in the includes/class-pos-bridge-install.php file. This makes it possible for...

6.3CVSS5.9AI score0.00215EPSS

Exploits0References1

RedhatCVE•added 2025/02/17 8:16 a.m.•14 views

CVE-2024-13513

The Oliver POS – A WooCommerce Point of Sale POS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.2.3 via the logging functionality. This makes it possible for unauthenticated attackers to extract sensitive data including the plugin's...

9.8CVSS9.2AI score0.00722EPSS

Exploits2References1

OSV•added 2025/02/15 8:15 a.m.•3 views

CVE-2024-13513

9.8CVSS5.5AI score0.00722EPSS

Exploits2References3

Cvelist•added 2025/02/15 7:33 a.m.•17 views

CVE-2024-13513 Oliver POS – A WooCommerce Point of Sale (POS) <= 2.4.2.3 - Sensitive Information Exposure to Privilege Escalation

9.8CVSS0.00722EPSS

Exploits2References3

CVE•added 2025/02/15 7:33 a.m.•89 views

CVE-2024-13513

CVE-2024-13513 affects the Oliver POS – a WooCommerce WordPress plugin, with Sensitive Information Exposure via the plugin’s logging functionality in versions up to 2.4.2.3. Unauthenticated attackers could extract sensitive data (e.g., clientToken) from logs, enabling changes to user account info...

9.8CVSS6.6AI score0.00722EPSS

Exploits2References3Affected Software1

Patchstack•added 2025/02/14 10:3 p.m.•5 views

WordPress Oliver POS plugin <= 2.4.2.3 - Sensitive Information Exposure to Privilege Escalation vulnerability

Sensitive Information Exposure to Privilege Escalation vulnerability discovered by Krzysztof Zając in WordPress Plugin Oliver POS versions = 2.4.2.3...

9.8CVSS6.9AI score0.00722EPSS

Exploits2References1Affected Software1

OSV•added 2024/02/29 1:43 a.m.•0 views

CVE-2024-0702

The Oliver POS – A WooCommerce Point of Sale POS plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions hooked via AJAX in the includes/class-pos-bridge-install.php file in all versions up to, and including, 2.4.1.8. This makes it possible...

7.3CVSS5.8AI score0.00511EPSS

Exploits0References2

CNNVD•added 2024/02/29 12:0 a.m.•2 views

WordPress Plugin Oliver POS Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

7.3CVSS6.7AI score0.00511EPSS

Exploits0References3

NVD•added 2024/02/28 9:15 a.m.•14 views

CVE-2024-1954

6.3CVSS6AI score0.00215EPSS

Exploits0References2

Cvelist•added 2024/02/28 8:33 a.m.•18 views

CVE-2024-1954 Oliver POS – A WooCommerce Point of Sale (POS) <= 2.4.1.8 - Cross-Site Request Forgery

6.3CVSS6.1AI score0.00215EPSS

Exploits0References2

Rows per page