MEDIUM
oliverpos
CVE published 2026-05-20
CVE-2026-6072
CVE-2026-6072 documents an authorization bypass vulnerability in the Oliver POS – A WooCommerce Point of Sale (POS) plugin for WordPress, affecting all versions up to and including 2.4.2.6. The vulnerability stems from a loose PHP comparison (==) in the oliver_pos_rest_authentication() permission callback, which validates the 'OliverAuth' header against the 'oliver_pos_authorization_token' option. On fres [truncated]