7 matches found
CVE-2023-2744
The ERP WordPress plugin before 1.12.4 does not properly sanitise and escape the type parameter in the erp/v1/accounting/v1/people REST API endpoint before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...
Exploit for CVE-2023-2744
Exploit Title: WP Plugins WP ERP = 1.12.2 - SQL Injection D...
WordPress WP ERP 1.12.2 SQL Injection
Exploit Title: WP Plugins WP ERP = 1.12.2 - SQL Injection Date: 15-10-2023 Exploit Author: Arvandy Software Link: https://wordpress.org/plugins/erp/ Vendor Homepage: https://wperp.com/ Version: 1.12.2 Tested on: Windows, Linux CVE: CVE-2023-2744 Product Description WP ERP is the first full-fledge...
WordPress WP ERP 1.12.2 SQL Injection Vulnerability
Exploit Title: WP Plugins WP ERP = 1.12.2 - SQL Injection Exploit Author: Arvandy Software Link: https://wordpress.org/plugins/erp/ Vendor Homepage: https://wperp.com/ Version: 1.12.2 Tested on: Windows, Linux CVE: CVE-2023-2744 Product Description WP ERP is the first full-fledged ERP Enterprise...
CVE-2023-2744 WP ERP < 1.12.4 - Admin+ SQL Injection
The ERP WordPress plugin before 1.12.4 does not properly sanitise and escape the type parameter in the erp/v1/accounting/v1/people REST API endpoint before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...
CVE-2023-2744
CVE-2023-2744 affects the WP ERP WordPress plugin pre-1.12.4. The vulnerability is a SQL injection in the REST endpoint erp/v1/accounting/v1/people where the type parameter is not properly sanitized/escaped before use in a SQL statement, allowing high-privilege users (e.g., admins) to potentially...
WordPress Afterpay Gateway for WooCommerce Plugin < 1.12.4 is vulnerable to SQL Injection
Software Afterpay Gateway for WooCommerce Type Plugin Vulnerable versions 1.12.4 Fixed in 1.12.4 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-2744 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID d0e7ba2b77fa Credits Arvandy Required privilege...