cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-0702,https://securityvulnerability.io/vulnerability/CVE-2024-0702,Unauthorized Access Vulnerability in Oliver POS Plugin for WordPress,"The Oliver POS plugin for WooCommerce, a widely used point of sale solution for WordPress, is vulnerable to unauthorized access due to insufficient capability checks in its AJAX functions. This flaw, located in the includes/class-pos-bridge-install.php file, allows authenticated attackers with subscriber-level access or higher to exploit several sensitive functionalities. Actions such as deactivating the plugin, disconnecting user subscriptions, and altering synchronization status can be executed without adequate permissions, potentially compromising overall plugin integrity and user trust.",Wordpress,Oliver POS – A WooCommerce Point of Sale (POS),7.3,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2024-02-29T01:43:00.000Z,0
CVE-2024-1954,https://securityvulnerability.io/vulnerability/CVE-2024-1954,Cross-Site Request Forgery Vulnerability in Oliver POS WooCommerce POS Plugin,"The Oliver POS – A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.1.8. This is due to missing or incorrect nonce validation in the includes/class-pos-bridge-install.php file. This makes it possible for unauthenticated attackers to perform several unauthorized actions like deactivating the plugin, disconnecting the subscription, syncing the status and more via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",Wordpress,Oliver Pos – A WooCommerce Point Of Sale (pos),6.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-02-28T08:33:10.521Z,0