Oliver POS WooCommerce Plugin Authorization Bypass Vulnerability

A vulnerability allowing authorization bypass has been identified in the Oliver POS WooCommerce Point of Sale plugin for WordPress, affecting all versions up to and including 2.4.2.6. The vulnerability arises because the plugin's REST API authentication relies on a loose comparison of the 'OliverAuth' header value with an authorization token option that is unset by default. This allows unauthenticated attackers to gain access to sensitive user data and perform actions such as updating or deleting user profiles.

Impact

Exploitation of this vulnerability allows unauthorized users to access all POS API endpoints, with the ability to read, update, and delete user data. This includes sensitive actions like modifying administrator details or deleting non-admin users, which could lead to a complete takeover of the affected site.

Reproduction

To reproduce this vulnerability, send a request to any POS API endpoint with the 'OliverAuth' header set to '0'. This exploits the loose comparison in the authentication callback, bypassing authorization checks and granting access to the API.

Remediation

No patch is currently available. Users are advised to uninstall the affected plugin and seek a replacement.