- Description
- The Oliver POS – A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.2.3 via the logging functionality. This makes it possible for unauthenticated attackers to extract sensitive data including the plugin's clientToken, which in turn can be used to change user account information including emails and account type. This allows attackers to then change account passwords resulting in a complete site takeover. Version 2.4.2.3 disabled logging but left sites with existing log files vulnerable.
- Source
- security@wordfence.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- security@wordfence.com
- CWE-862
CVE-2024-13513 The Oliver POS – A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.2.3 … https://t.co/cMKgmQzH0Y
@CVEnew
15 Feb 2025
[CVE-2024-13513: CRITICAL] Oliver POS plugin for WordPress is vulnerable to Sensitive Information Exposure allowing attackers to extract clientToken and change account information, leading to a site takeover. Upd...#cybersecurity,#vulnerability https://t.co/e2Ngh7J0W4 https://t.c
@CveFindCom
15 Feb 2025
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oliverpos:oliver_pos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6AA2213E-88C5-4DA6-9AA8-2B2F187570CC",
            "versionEndExcluding": "2.4.2.4"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]