CVE-2024-0702 - Vulnerability Details - OpenCVE

The Oliver POS – A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions hooked via AJAX in the includes/class-pos-bridge-install.php file in all versions up to, and including, 2.4.1.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several unauthorized actions like deactivating the plugin, disconnecting the subscription, syncing the status and more.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://plugins.trac.wordpress.org/browser/oliver-pos/trunk/includes/class-pos-bridge-install.php#L11
https://www.wordfence.com/threat-intel/vulnerabilities/id/b5c6f351-477b-4384-9863-fe3b45ddf21d?source=cve

History

No history.

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-02-20T18:56:42.821Z

Updated: 2024-08-28T15:13:24.722Z

Reserved: 2024-01-18T20:44:00.792Z

Link: CVE-2024-0702

Vulnrichment

Updated: 2024-08-01T18:11:35.709Z

NVD

Status : Awaiting Analysis

Published: 2024-02-29T01:43:25.440

Modified: 2024-11-21T08:47:10.760

Link: CVE-2024-0702

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-0702", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2024-01-18T20:44:00.792Z", "datePublished": "2024-02-20T18:56:42.821Z", "dateUpdated": "2024-08-28T15:13:24.722Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-02-20T18:56:42.821Z"}, "affected": [{"vendor": "oliverpos", "product": "Oliver POS \u2013 A WooCommerce Point of Sale (POS)", "versions": [{"version": "*", "status": "affected", "lessThanOrEqual": "2.4.1.8", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Oliver POS \u2013 A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions hooked via AJAX in the includes/class-pos-bridge-install.php file in all versions up to, and including, 2.4.1.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several unauthorized actions like deactivating the plugin, disconnecting the subscription, syncing the status and more."}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b5c6f351-477b-4384-9863-fe3b45ddf21d?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/oliver-pos/trunk/includes/class-pos-bridge-install.php#L11"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Francesco Carlucci"}], "timeline": [{"time": "2024-02-19T00:00:00.000+00:00", "lang": "en", "value": "Disclosed"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:11:35.709Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b5c6f351-477b-4384-9863-fe3b45ddf21d?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/oliver-pos/trunk/includes/class-pos-bridge-install.php#L11", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "oliverpos", "product": "oliver_pos", "cpes": ["cpe:2.3:a:oliverpos:oliver_pos:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.4.8", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-28T15:08:31.913748Z", "id": "CVE-2024-0702", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-28T15:13:24.722Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b5c6f351-477b-4384-9863-fe3b45ddf21d?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/oliver-pos/trunk/includes/class-pos-bridge-install.php#L11", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:11:35.709Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-0702", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-28T15:08:31.913748Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:oliverpos:oliver_pos:*:*:*:*:*:*:*:*"], "vendor": "oliverpos", "product": "oliver_pos", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "2.4.8"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-28T15:13:08.464Z"}}], "cna": {"credits": [{"lang": "en", "type": "finder", "value": "Francesco Carlucci"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}}], "affected": [{"vendor": "oliverpos", "product": "Oliver POS \u2013 A WooCommerce Point of Sale (POS)", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "2.4.1.8"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2024-02-19T00:00:00.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b5c6f351-477b-4384-9863-fe3b45ddf21d?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/oliver-pos/trunk/includes/class-pos-bridge-install.php#L11"}], "descriptions": [{"lang": "en", "value": "The Oliver POS \u2013 A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions hooked via AJAX in the includes/class-pos-bridge-install.php file in all versions up to, and including, 2.4.1.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several unauthorized actions like deactivating the plugin, disconnecting the subscription, syncing the status and more."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-02-20T18:56:42.821Z"}}}, "cveMetadata": {"cveId": "CVE-2024-0702", "state": "PUBLISHED", "dateUpdated": "2024-08-28T15:13:24.722Z", "dateReserved": "2024-01-18T20:44:00.792Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2024-02-20T18:56:42.821Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "The Oliver POS \u2013 A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions hooked via AJAX in the includes/class-pos-bridge-install.php file in all versions up to, and including, 2.4.1.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several unauthorized actions like deactivating the plugin, disconnecting the subscription, syncing the status and more."}, {"lang": "es", "value": "Oliver POS: un complemento de punto de venta (POS) de WooCommerce para WordPress es vulnerable al acceso no autorizado debido a la falta de comprobaciones de capacidad en varias funciones conectadas a trav\u00e9s de AJAX en el archivo include/class-pos-bridge-install.php en todas las versiones hasta , incluido, 2.4.1.8. Esto hace posible que atacantes autenticados, con acceso a nivel de suscriptor y superior, realicen varias acciones no autorizadas como desactivar el complemento, desconectar la suscripci\u00f3n, sincronizar el estado y m\u00e1s."}], "id": "CVE-2024-0702", "lastModified": "2024-11-21T08:47:10.760", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2024-02-29T01:43:25.440", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/oliver-pos/trunk/includes/class-pos-bridge-install.php#L11"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b5c6f351-477b-4384-9863-fe3b45ddf21d?source=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://plugins.trac.wordpress.org/browser/oliver-pos/trunk/includes/class-pos-bridge-install.php#L11"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b5c6f351-477b-4384-9863-fe3b45ddf21d?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Awaiting Analysis"}