CVE-2026-6072

The Oliver POS – A WooCommerce Point of Sale POS plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 2.4.2.6. The plugin protects its entire /wp-json/pos-bridge/ REST API namespace through the oliverposrestauthentication...

EUVD-2026-31036

The Oliver POS – A WooCommerce Point of Sale POS plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 2.4.2.6. The plugin protects its entire /wp-json/pos-bridge/ REST API namespace through the oliverposrestauthentication...

PT-2025-47711

Name of the Vulnerable Software and Affected Versions Vitepos – Point of Sale POS for WooCommerce versions up to and including 3.3.0 Description The Vitepos – Point of Sale POS for WooCommerce plugin for WordPress is susceptible to arbitrary file uploads due to a lack of file type validation with...

CVE-2024-13513

CVE-2024-13513 affects the Oliver POS – a WooCommerce WordPress plugin, with Sensitive Information Exposure via the plugin’s logging functionality in versions up to 2.4.2.3. Unauthenticated attackers could extract sensitive data (e.g., clientToken) from logs, enabling changes to user account info...

WordPress Oliver POS plugin <= 2.4.2.3 - Sensitive Information Exposure to Privilege Escalation vulnerability

Sensitive Information Exposure to Privilege Escalation vulnerability discovered by Krzysztof Zając in WordPress Plugin Oliver POS versions = 2.4.2.3...

CVE-2024-0702 Oliver POS – A WooCommerce Point of Sale (POS) <= 2.4.2.1 - Missing Authorization

The Oliver POS – A WooCommerce Point of Sale POS plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions hooked via AJAX in the includes/class-pos-bridge-install.php file in all versions up to, and including, 2.4.2.1 This makes it possible f...