3 matches found
CVE-2020-36735
The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.3. This is due to missing or incorrect nonce validation on the handleleavecalendarfilter,...
CVE-2020-36735
The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.3. This is due to missing or incorrect nonce validation on the handleleavecalendarfilter,...
CVE-2020-36735
The CVE-2020-36735 vulnerability affects the WP ERP plugin for WordPress (versions up to and including 1.6.3). The root cause is missing or incorrect nonce validation on the functions handle_leave_calendar_filter, add_enable_disable_option_save, leave_policies, process_bulk_action, and process_cr...