Oliver POS WooCommerce Plugin Sensitive Information Exposure Vulnerability
Vulnerability
A vulnerability allowing sensitive information exposure has been identified in the Oliver POS WooCommerce Point of Sale plugin for WordPress, affecting all versions through 2.4.2.3. The issue arises from the plugin's logging functionality, which unintentionally exposes sensitive data such as the clientToken. This token can be exploited by unauthenticated attackers to manipulate user account information, including emails and account types. Such changes would enable attackers to reset account passwords, potentially leading to a complete site takeover. Although version 2.4.2.3 has removed the logging feature, sites that had previously generated log files remain at risk.
Impact
Exploitation of this vulnerability allows for unauthorized access to sensitive user information, which can be used to escalate privileges and take over user accounts, including administrative accounts.
Remediation
Users are advised to update the Oliver POS WooCommerce Point of Sale plugin to version 2.4.2.4 or a newer patched version.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.