The Oliver POS – A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 2.4.2.6. The plugin protects its entire /wp-json/pos-bridge/* REST API namespace through the oliver_pos_rest_authentication() permission callback, which uses a loose PHP comparison (==) to compare the attacker-supplied 'OliverAuth' header value against the 'oliver_pos_authorization_token' option. On fresh installations where the admin has not yet completed the connection flow, this option is unset (get_option returns false). Due to PHP's type juggling, the loose comparison '0' == false evaluates to true, allowing an unauthenticated attacker to bypass authentication by sending 'OliverAuth: 0'. This grants full access to all POS API endpoints, enabling attackers to read user data (including administrator details), update user profiles (including email addresses), and delete non-admin users. An admin account email reset can lead to site takeover.
Oliver POS WordPress plugin versions up to 2.4.2.6 contain an authentication bypass vulnerability in REST API endpoints due to loose PHP comparison of authorization tokens. Attackers can bypass authentication by sending a crafted OliverAuth header, gaining full access to sensitive POS data and user information.
The Oliver POS plugin for WordPress contains an authentication bypass vulnerability in all versions up to 2.4.2.6 due to the use of a loose PHP comparison (==) to compare the OliverAuth header value against the stored token option. When the option is not defined (on fresh installations), the comparison '0' == false evaluates to true, allowing attackers to bypass authentication. This grants full access to all API endpoints, including user and administrator data.
Update Oliver POS plugin to version 2.4.2.7 or later immediately. Implement strict comparison (===) in authentication checks. Disable REST API access if not required. Monitor access logs for suspicious OliverAuth header patterns. Implement Web Application Firewall rules to block requests with OliverAuth: 0 header.
Update the Oliver POS plugin to version 2.4.2.7 or later immediately. Apply strict comparison (===) in authentication checks. Disable REST API access if it is not required. Monitor access logs for suspicious patterns. Apply web application firewall rules to block the offending requests.
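To make the type-juggling defect and the strict-comparison fix concrete, here is an added illustration (not Oliver POS's own code) of a permission check in the vulnerable shape beside a hardened one; the function names, the sample token value and the argument-passing style are assumptions so the file runs without WordPress.

```php
<?php
// Added illustration, not Oliver POS's own code. Both checks take the header
// value and the stored option as plain arguments so the file runs without
// WordPress; in the plugin these would be $request->get_header('OliverAuth')
// and get_option('oliver_pos_authorization_token').

// Vulnerable shape: loose comparison (==). Before the admin completes the
// connection flow the option is unset, get_option() returns false, and PHP's
// type juggling makes '0' == false evaluate to true.
function check_token_loose($supplied, $stored): bool
{
    return $supplied == $stored;
}

// Hardened shape: fail closed while no token is provisioned, insist on a
// string on both sides, and compare with hash_equals() (strict and
// constant-time; it throws on non-string input, hence the guards).
function check_token_strict($supplied, $stored): bool
{
    if (!is_string($stored) || $stored === '') {
        return false; // not connected yet: no header value can match
    }
    if (!is_string($supplied)) {
        return false; // header absent
    }
    return hash_equals($stored, $supplied);
}

$unset = false;                       // get_option() result on a fresh install
$real  = 'constructed-example-token'; // constructed stand-in for a provisioned token

$cases = [
    ['header' => '0',   'stored' => $unset], // the advisory's bypass input
    ['header' => '0',   'stored' => $real],
    ['header' => $real, 'stored' => $real],
];

foreach ($cases as $c) {
    printf(
        "header=%-28s stored=%-28s loose=%s strict=%s\n",
        var_export($c['header'], true),
        var_export($c['stored'], true),
        check_token_loose($c['header'], $c['stored']) ? 'accept' : 'reject',
        check_token_strict($c['header'], $c['stored']) ? 'accept' : 'reject'
    );
}
```

Run it with the PHP CLI; the first case is the one that matters on an unconnected install, and only the loose check accepts it.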