Oliver POS – A WooCommerce Point of Sale (POS) Security & Risk Analysis

wordpress.org/plugins/oliver-pos

Oliver POS is a WooCommerce Point of Sale (POS) integrated into your shop. Always in sync with your e-commerce shop, Oliver POS lets you sell in-store …

1K active installs · v2.4.2.6 · PHP 7.4+ · WP 5.9+ · Updated Apr 4, 2025
Tags: point-of-sale, pos, pos-plugin, woocommerce-point-of-sale, woocommerce-pos
Score: 94 · A · Safe
CVEs total: 3
Unpatched: 0
Last CVE: Feb 14, 2025
Safety Verdict

Is Oliver POS – A WooCommerce Point of Sale (POS) Safe to Use in 2026?

Generally Safe

Score 94/100

Oliver POS – A WooCommerce Point of Sale (POS) has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Feb 14, 2025 · Updated 12mo ago
Risk Assessment

The Oliver POS plugin version 2.4.2.6 presents a mixed security posture. It demonstrates good practices, such as using prepared statements for a high percentage of SQL queries and implementing a decent number of nonce and capability checks, but there are significant areas of concern. The static analysis reveals a notable attack surface with one AJAX handler lacking authentication, which is a direct entry point for potential unauthorized actions. The presence of the `unserialize` function is also a known risk, especially if user-supplied data is involved without proper sanitization. The plugin's vulnerability history is particularly alarming, with three past CVEs, including one critical and one high severity, and a recent vulnerability in February 2025. This pattern suggests a recurring security weakness and a need for a more robust security development lifecycle. The taint analysis also indicates unsanitized paths; no critical or high severity flows were found, but the result warrants attention. Overall, while the plugin has strengths in its handling of database queries and some security checks, the identified unprotected entry points, dangerous function usage, and history of severe vulnerabilities call for a cautious approach and prompt remediation.

Key Concerns

  • Unprotected AJAX handler found
  • Presence of dangerous 'unserialize' function
  • History of 1 critical CVE
  • History of 1 high CVE
  • History of 1 medium CVE
  • Taint flows with unsanitized paths
  • Low percentage of properly escaped output (76%)
Vulnerabilities: 3

Oliver POS – A WooCommerce Point of Sale (POS) Security Vulnerabilities

CVEs by Year

2024: 2 CVEs
2025: 1 CVE

Severity Breakdown

Critical: 1
High: 1
Medium: 1

3 total CVEs

CVE-2024-13513 · critical · 9.8 · Missing Authorization

Oliver POS – A WooCommerce Point of Sale (POS) <= 2.4.2.3 - Sensitive Information Exposure to Privilege Escalation

Feb 14, 2025 Patched in 2.4.2.4 (1d)

CVE-2024-1954 · medium · 6.3 · Cross-Site Request Forgery (CSRF)

Oliver POS – A WooCommerce Point of Sale (POS) <= 2.4.1.8 - Cross-Site Request Forgery

Feb 27, 2024 Patched in 2.4.1.9 (154d)

CVE-2024-0702 · high · 7.3 · Missing Authorization

Oliver POS – A WooCommerce Point of Sale (POS) <= 2.4.2.1 - Missing Authorization

Feb 19, 2024 Patched in 2.4.2.1 (162d)
Code Analysis
Analyzed Mar 16, 2026

Oliver POS – A WooCommerce Point of Sale (POS) Code Analysis

Dangerous Functions: 6
Raw SQL Queries: 7 (55 prepared)
Unescaped Output: 86 (278 escaped)
Nonce Checks: 10
Capability Checks: 14
File Operations: 9
External Requests: 39
Bundled Libraries: 0

Dangerous Functions Found

unserialize · $oliver_warehouse_value = @unserialize( $oliver_warehouse_value ); · includes\class-pos-bridge-product.php:403
unserialize · $oliver_warehouse_value = @unserialize( $oliver_warehouse_value ); · includes\class-pos-bridge-product.php:475
unserialize · $new_meta_value = unserialize($meta_value); · includes\models\class-pos-bridge-order.php:338
unserialize · $new_meta_value = unserialize($row); · includes\models\class-pos-bridge-order.php:342
unserialize · return empty($payments) ? array() : unserialize($payments); · includes\models\class-pos-bridge-order.php:1564
unserialize · return empty($payments) ? array() : unserialize($payments); · includes\models\class-pos-bridge-order.php:1601

SQL Query Safety

89% prepared · 62 total queries

Output Escaping

76% escaped · 364 total outputs
Data Flows: 3 unsanitized

Data Flow Analysis

4 flows · 3 with unsanitized paths
render_html (includes\class-pos-bridge-productx.php:70)
Attack Surface: 1 unprotected

Oliver POS – A WooCommerce Point of Sale (POS) Attack Surface

Entry Points: 11
Unprotected: 1

AJAX Handlers 11

auth · wp_ajax_oliver_pos_init_connection · includes\class-pos-bridge-install.php:14
auth · wp_ajax_oliver_pos_disconnect_subscription · includes\class-pos-bridge-install.php:15
auth · wp_ajax_oliver_pos_remove_subscription · includes\class-pos-bridge-install.php:16
auth · wp_ajax_oliver_pos_connect_site · includes\class-pos-bridge-install.php:17
auth · wp_ajax_oliver_pos_delete_subscription · includes\class-pos-bridge-install.php:18
auth · wp_ajax_oliver_pos_deactivate_plugin · includes\class-pos-bridge-install.php:20
auth · wp_ajax_oliver_pos_system_check · includes\class-pos-bridge-install.php:22
auth · wp_ajax_oliver_pos_register_url · includes\class-pos-bridge-install.php:23
auth · wp_ajax_oliver_pos_getWebsiteSpeed · includes\class-pos-bridge-install.php:24
auth · wp_ajax_oliver_pos_syncing_status · includes\class-pos-bridge-install.php:25
auth · wp_ajax_oliverpos_hideRating · oliver-pos.php:240

WordPress Hooks 85

action · init · includes\class-pos-bridge-install.php:12
action · admin_menu · includes\class-pos-bridge-install.php:19
action · check_oliver_points_and_rewards_connected · includes\class-pos-bridge-install.php:28
action · rest_api_init · includes\class-pos-bridge.php:48
action · upgrader_process_complete · includes\class-pos-bridge.php:128
action · admin_init · includes\class-pos-bridge.php:130
action · wp_login · includes\class-pos-bridge.php:131
action · admin_enqueue_scripts · includes\class-pos-bridge.php:134
action · woocommerce_product_options_general_product_data · includes\class-pos-bridge.php:137
action · woocommerce_process_product_meta · includes\class-pos-bridge.php:138
action · woocommerce_product_options_general_product_data · includes\class-pos-bridge.php:140
action · woocommerce_process_product_meta · includes\class-pos-bridge.php:141
filter · jwt_auth_default_whitelist · includes\class-pos-bridge.php:150
action · woocommerce_new_order · includes\class-pos-bridge.php:395
action · woocommerce_update_order · includes\class-pos-bridge.php:396
action · woocommerce_update_order_delay · includes\class-pos-bridge.php:398
action · woocommerce_order_refunded · includes\class-pos-bridge.php:399
action · woocommerce_order_refunded_delay · includes\class-pos-bridge.php:401
action · wp_trash_post · includes\class-pos-bridge.php:402
action · delete_post · includes\class-pos-bridge.php:404
action · untrash_post · includes\class-pos-bridge.php:405
action · woocommerce_order_status_changed · includes\class-pos-bridge.php:407
action · woocommerce_restock_refunded_item · includes\class-pos-bridge.php:418
action · woocommerce_can_reduce_order_stock · includes\class-pos-bridge.php:422
action · edit_user_profile_update · includes\class-pos-bridge.php:426
action · user_register · includes\class-pos-bridge.php:430
action · delete_user · includes\class-pos-bridge.php:434
action · woocommerce_update_customer · includes\class-pos-bridge.php:439
action · save_post_product · includes\class-pos-bridge.php:444
action · woocommerce_update_product · includes\class-pos-bridge.php:446
action · woocommerce_save_product_variation · includes\class-pos-bridge.php:447
action · woocommerce_product_duplicate · includes\class-pos-bridge.php:457
filter · woocommerce_product_import_get_product_object · includes\class-pos-bridge.php:463
filter · wc_points_rewards_redeem_points_order_statuses · includes\class-pos-bridge.php:472
action · post_submitbox_misc_actions · includes\class-pos-bridge.php:481
action · woocommerce_process_product_meta · includes\class-pos-bridge.php:482
action · woocommerce_product_options_stock_fields · includes\class-pos-bridge.php:486
action · woocommerce_variation_options_inventory · includes\class-pos-bridge.php:487
action · woocommerce_save_product_variation · includes\class-pos-bridge.php:491
action · woocommerce_admin_process_product_object · includes\class-pos-bridge.php:495
action · woocommerce_tax_rate_added · includes\class-pos-bridge.php:496
action · woocommerce_tax_rate_updated · includes\class-pos-bridge.php:500
action · woocommerce_tax_location_updated · includes\class-pos-bridge.php:502
action · woocommerce_tax_rate_deleted · includes\class-pos-bridge.php:506
action · create_term · includes\class-pos-bridge.php:508
action · edited_term · includes\class-pos-bridge.php:509
action · delete_term · includes\class-pos-bridge.php:510
action · woocommerce_attribute_added · includes\class-pos-bridge.php:513
action · woocommerce_attribute_create_delay · includes\class-pos-bridge.php:515
action · plugin_updated_completed_delay · includes\class-pos-bridge.php:517
action · woocommerce_attribute_updated · includes\class-pos-bridge.php:518
action · woocommerce_attribute_updated_delay · includes\class-pos-bridge.php:520
action · woocommerce_attribute_deleted · includes\class-pos-bridge.php:521
action · woocommerce_update_options_general · includes\class-pos-bridge.php:527
action · woocommerce_update_options_tax · includes\class-pos-bridge.php:530
action · update_option_oliver_pos_general_setting_field · includes\class-pos-bridge.php:536
action · save_post_tc_forms · includes\class-pos-bridge.php:538
action · save_post_tc_events · includes\class-pos-bridge.php:539
action · save_post_tc_tickets_instances · includes\class-pos-bridge.php:540
action · tc_save_tc_general_settings · includes\class-pos-bridge.php:541
action · save_post_tc_seat_charts · includes\class-pos-bridge.php:542
filter · woocommerce_email_recipient_new_order · includes\class-pos-bridge.php:549
filter · woocommerce_email_recipient_customer_completed_order · includes\class-pos-bridge.php:550
filter · woocommerce_email_recipient_customer_processing_order · includes\class-pos-bridge.php:551
action · woocommerce_before_email_order · includes\class-pos-bridge.php:552
action · update_option_active_plugins · includes\class-pos-bridge.php:584
action · woocommerce_product_additional_information · includes\class-pos-bridge.php:589
action · pre_current_active_plugins · includes\class-pos-bridge.php:594
action · admin_init · includes\class-pos-bridge.php:595
action · init · includes\class-pos-bugsnag.php:31
action · plugins_loaded · oliver-pos.php:47
action · woocommerce_product_after_variable_attributes · oliver-pos.php:50
action · woocommerce_save_product_variation · oliver-pos.php:52
filter · woocommerce_email_recipient_customer_completed_order · oliver-pos.php:93
filter · woocommerce_email_recipient_customer_processing_order · oliver-pos.php:94
filter · woocommerce_before_email_order · oliver-pos.php:95
action · admin_notices · oliver-pos.php:231
filter · manage_edit-shop_order_columns · oliver-pos.php:252
filter · manage_woocommerce_page_wc-orders_columns · oliver-pos.php:254
action · manage_shop_order_posts_custom_column · oliver-pos.php:279
action · manage_woocommerce_page_wc-orders_custom_column · oliver-pos.php:281
action · restrict_manage_posts · oliver-pos.php:308
filter · parse_query · oliver-pos.php:344
action · plugins_loaded · oliver-pos.php:391
action · before_woocommerce_init · oliver-pos.php:423

Scheduled Events 8

woocommerce_attribute_create_delay
woocommerce_attribute_updated_delay
woocommerce_order_refunded_delay
woocommerce_update_order_delay
woocommerce_tax_location_updated
woocommerce_tax_location_updated
oliver_sync_records
plugin_updated_completed_delay
Maintenance & Trust

Oliver POS – A WooCommerce Point of Sale (POS) Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.0
Last updated: Apr 4, 2025
PHP min version: 7.4
Downloads: 79K

Community Trust

Rating: 86/100
Number of ratings: 89
Active installs: 1K
Developer Profile

Oliver POS – A WooCommerce Point of Sale (POS) Developer Profile

Oliver POS

2 plugins · 1K total installs

Trust score: 72
Avg Security Score: 90/100
Avg Patch Time: 106 days
Detection Fingerprints

How We Detect Oliver POS – A WooCommerce Point of Sale (POS)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/oliver-pos/oliver-pos.php
/wp-content/plugins/oliver-pos/includes/class-pos-bridge.php

HTML / DOM Fingerprints

CSS Classes
oliver_pos_notice
Data Attributes
id="var_product_cost
id="var_product_barcode
JS Globals
oliverpos_bHideRating
FAQ

Frequently Asked Questions about Oliver POS – A WooCommerce Point of Sale (POS)