3 matches found
CVE-2024-0956
The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter via the erp/v1/accounting/v1/vendors/1/products/ REST route in all versions up to, and including, 1.13.0 due to...
CVE-2024-0956 WP ERP <= 1.13.0 - Authenticated (AccountingManager+) SQL Injection
The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter via the erp/v1/accounting/v1/vendors/1/products/ REST route in all versions up to, and including, 1.13.0 due to...
WordPress WP ERP Plugin <= 1.12.9 is vulnerable to SQL Injection
Software WP ERP Type Plugin Vulnerable versions = 1.12.9 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-0956 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID ca3c045f160f Credits Edwin Siebel edwinsiebel Required privilege Administrator...