0.001 Low
EPSS
Percentile
48.7%
WordPress WPHRM plugin Authenticated SQL Injection allows an attacker to inject SQL commands via the employee_id $_GET param.
Update the plugin.
www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-14848
codecanyon.net/item/wphrm-human-resource-management-system-for-wordpress/20555857