Browse all 8 CVE security advisories affecting Toast Plugins. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Toast Plugins provides point-of-sale (POS) systems and payment processing solutions for restaurants. Historically, these plugins have been vulnerable to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often due to insufficient input validation and improper access controls. The 8 recorded CVEs highlight ongoing security challenges, with several allowing attackers to execute arbitrary code or bypass authentication. While no major public incidents have been widely reported, the consistent discovery of vulnerabilities suggests a need for enhanced security practices in their plugin ecosystem, particularly for web-facing components that handle sensitive payment data and customer information.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-33646 | WordPress Sticky Anything plugin <= 2.1.5 - Broken Access Control to XSS vulnerability — Sticky AnythingCWE-352 | 7.1 | High | 2024-04-29 |
| CVE-2024-30551 | WordPress Sticky Anything plugin <= 2.1.5 - Cross Site Scripting (XSS) vulnerability — Sticky AnythingCWE-79 | 7.1 | High | 2024-03-31 |
This page lists every published CVE security advisory associated with Toast Plugins. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.