Lucene search
+L

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 3:31 a.m.12 views

CVE-2023-2743

The ERP WordPress plugin before 1.12.4 does not sanitise and escape the employeename parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS6AI score0.00486EPSS
Exploits2References1
OSV
OSV
added 2023/06/27 1:17 p.m.10 views

CVE-2023-2743 WP ERP < 1.12.4 - Reflected Cross-Site Scripting

The ERP WordPress plugin before 1.12.4 does not sanitise and escape the employeename parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS5.9AI score0.00486EPSS
Exploits2References4
Cvelist
Cvelist
added 2023/06/27 1:17 p.m.29 views

CVE-2023-2743 WP ERP < 1.12.4 - Reflected Cross-Site Scripting

The ERP WordPress plugin before 1.12.4 does not sanitise and escape the employeename parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.2AI score0.00486EPSS
Exploits2References1
CVE
CVE
added 2023/06/27 1:17 p.m.53 views

CVE-2023-2743

CVE-2023-2743 affects the WordPress WP ERP plugin prior to version 1.12.4. The vulnerability is a Reflected Cross-Site Scripting caused by failing to sanitize/escape the employee_name parameter before echoing it on the page, potentially impacting high-privilege users (e.g., admins). Exploitation ...

6.1CVSS6AI score0.00486EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder