CVE-2024-0608
CVE-2024-0608 affects the WP ERP plugin for WordPress; union-based SQL injection via the 'email' parameter in all versions up to 1.13.1 due to insufficient escaping and lack of proper query preparation. Authenticated attackers with subscriber+ access can append SQL to extract data. Current status...