4 matches found
WordPress WP ERP plugin < 1.13.4 - Custom+ Unauthorized Access to Terminated Employee Information vulnerability
Custom+ Unauthorized Access to Terminated Employee Information vulnerability discovered by Pedro Cuco Illex in WordPress Plugin WP ERP versions 1.13.4...
CVE-2024-12812 WP ERP < 1.13.4 - Custom+ Unauthorized Access to Terminated Employee Information
The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting WordPress plugin before 1.13.4 is affected by an IDOR issue where employees can manipulate parameters to access the data of terminated employees...
CVE-2024-12812
CVE-2024-12812 affects the WP ERP plugin for WordPress (WooCommerce CRM & Accounting), specifically versions prior to 1.13.4. The issue is an IDOR that lets authenticated users manipulate parameters to access data of terminated employees. The root cause is improper access control around parameter...
CVE-2024-12812 WP ERP < 1.13.4 - Custom+ Unauthorized Access to Terminated Employee Information
The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting WordPress plugin before 1.13.4 is affected by an IDOR issue where employees can manipulate parameters to access the data of terminated employees...