21 matches found
WordPress WP ERP plugin <= 1.13.0 - Authenticated (Accounting Manager+) SQL Injection vulnerability
Authenticated Accounting Manager+ SQL Injection vulnerability discovered by Edwin Siebel (edwinsiebel) in WordPress Plugin WP ERP versions <= 1.13.0...
CVE-2024-0952
The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in all versions up to, and including, 1.12.9 due to insufficient escaping on the user supplied parameter and lack of...
CVE-2024-6666 WP ERP <= 1.13.0 - Authenticated (Accounting Manager+) SQL Injection via vendor_id
The WP ERP plugin for WordPress is vulnerable to SQL Injection via the 'vendorid' and 'status' parameter in all versions up to, and including, 1.13.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible fo...
PT-2024-37787 · WordPress · Wp Erp
Name of the Vulnerable Software and Affected Versions: WP ERP plugin for WordPress versions up to, and including, 1.13.0 Description: The issue is related to SQL Injection via the vendor id parameter due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on...
WP ERP < 1.30.0 - Authenticated (Accounting Manager+) SQL Injection via id
Description The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in all versions up to, and including, 1.12.9 due to insufficient escaping on the user supplied parameter...
WP ERP <= 1.12.9 - Authenticated (Accounting Manager+) SQL Injection
Description The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the erp/v1/accounting/v1/transactions/sales REST API endpoint in all versions up to, and including, 1.12.9 due to...
WordPress WP ERP Plugin <= 1.12.8 is vulnerable to SQL Injection
Software WP ERP Type Plugin Vulnerable versions <= 1.12.8 Fixed in 1.12.9 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-21747 Patch priority Medium CVSS severity Medium 7.6 Developer Claim ownership PSID bff329846441 Credits Arvandy Required privilege Accounting Manager...
Security Bulletin: A security vulnerability in FIPS140-2 has been identified in WebSphere Application Server shipped with IBM SmartCloud Cost Management and IBM Tivoli Usage Accounting Manager
Summary IBM WebSphere Application server is shipped with IBM SmartCloud Cost Management and IBM Tivoli Usage Accounting Manager. There is a potential security vulnerability in IBM WebSphere Application Server if FIPS 140-2 is enabled. Vulnerability Details Refer to the security bulletin in the...
Security Bulletin: HTTP response splitting has been identified in IBM WebSphere Application Server Liberty Profile shipped with SmartCloud Cost Management and Tivoli Usage Accounting Manager (CVE-2015-2017)
Summary HTTP response splitting has been identified in IBM WebSphere Application Server Liberty Profile shipped with SmartCloud Cost Management and Tivoli Usage Accounting Manager CVE-2015-2017. Vulnerability Details CVEID: CVE-2015-2017 DESCRIPTION: The IBM WebSphere Application Server is...
Security Bulletin: SSLv3 POODLE Attack (CVE-2014-3566)
Summary SSLv3 POODLE Attack CVE-2014-3566 impacts IBM Service Delivery Manager. Vulnerability Details Review the following security bulletins for vulnerability details and information about fixes: Security Bulletin: Vulnerability in SSLv3 affects IBM WebSphere Application Server CVE-2014-3566...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with SmartCloud Cost Management and Tivoli Usage Accounting Manager (CVE-2015-7450)
Summary IBM WebSphere Application Server is shipped as a component of SmartCloud Cost Management and Tivoli Usage Accounting Manager. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Consult...
Security Bulletin: Multiple security vulnerabilities in IBM SmartCloud Cost Management shipped with IBM Cloud Orchestrator Enterprise and IBM SmartCloud Orchestrator Enterprise
Summary IBM SmartCloud Cost Management is shipped as a component of IBM Cloud Orchestrator Enterprise and IBM SmartCloud Orchestrator Enterprise. Information about security vulnerabilities affecting IBM SmartCloud Cost Management has been published in a security bulletin. Vulnerability Details...
Security Bulletin: A security vulnerability has been found in IBM WebSphere Application Server 8.5.5.6 shipped with Tivoli Usage and Accounting Manager/SmartCloud Cost Management (CVE-2015-1927)
Summary WebSphere Application Server is shipped as a component of SmartCloud Cost Management. WebSphere Application Server is shipped as a component of Tivoli Integrated Portal, which is shipped as a component of Tivoli Usage and Accounting Manager. Information about a security vulnerability...
Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with Tivoli Usage and Accounting Manager/SmartCloud Cost Management. (CVE-2015-4938)
Summary WebSphere Application Server is shipped as a component of Tivoli Usage and Accounting Manager / SmartCloud Cost Management. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. CVE-2015-4938 Vulnerability Details Plea...
Security Bulletin: Vulnerability in IBM WebSphere Application Server affects Tivoli Usage and Accounting Manager / SmartCloud Cost Management (CVE-2015-1920)
Summary IBM WebSphere Application Server and WebSphere Application Server Hypervisor Edition could allow a remote attacker to execute arbitrary code by connecting to a management port and executing a specific sequence of instructions. Vulnerability Details CVEID: CVE-2015-1920 DESCRIPTION:...
Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with Tivoli Usage and Accounting Manager/SmartCloud Cost Management. (CVE-2015-1932)
Summary WebSphere Application Server is shipped as a component of Tivoli Usage and Accounting Manager / SmartCloud Cost Management. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. CVE-2015-1932 Vulnerability Details Plea...
Security Bulletin: A security vulnerability has been found in IBM WebSphere Application Server 8.5.5.6 shipped with Tivoli Usage and Accounting Manager/SmartCloud Cost Management (CVE-2015-1885)
Summary WebSphere Application Server is shipped as a component of SmartCloud Cost Management. WebSphere Application Server is shipped as a component of Tivoli Integrated Portal, which is shipped as a component of Tivoli Usage and Accounting Manager. Information about a security vulnerability...
Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with Tivoli Usage and Accounting Manager/SmartCloud Cost Management (CVE-2015-4000).
Summary WebSphere Application Server is shipped as a component of SmartCloud Cost Management. WebSphere Application Server is shipped as a component of Tivoli Integrated Portal, which is shipped as a component of Tivoli Usage and Accounting Manager. Information about a security vulnerability...