41 matches found
CVE-2026-4834
The CVE-2026-4834 entry concerns the WP ERP Pro plugin for WordPress, affected up to version 1.5.1. The vulnerability is a SQL Injection via the 'search_key' parameter due to insufficient escaping and lack of proper query preparation. This allows unauthenticated attackers to append additional SQL...
EUVD-2026-11792
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in weDevs WP ERP erp allows SQL Injection.This issue affects WP ERP: from n/a through = 1.16.10...
CVE-2026-31917
The CVE concerns the WordPress WP ERP plugin by weDevs (ERP component) with versions up to 1.16.10 exposed to SQL Injection due to improper neutralization of user input. The issue affects WP ERP from unspecified earlier versions through 1.16.10. The provided documents do not specify exploit detai...
CVE-2026-31917
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in weDevs WP ERP erp allows SQL Injection.This issue affects WP ERP: from n/a through = 1.16.10...
WordPress WP ERP plugin <= 1.13.0 - Authenticated (Accounting Manager+) SQL Injection vulnerability
Authenticated Accounting Manager+ SQL Injection vulnerability discovered by Edwin Siebel edwinsiebel in WordPress Plugin WP ERP versions = 1.13.0...
CVE-2025-67546 WordPress WP ERP plugin <= 1.16.6 - Sensitive Data Exposure vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs WP ERP erp allows Retrieve Embedded Sensitive Data.This issue affects WP ERP: from n/a through = 1.16.6...
CVE-2025-67546
CVE-2025-67546 concerns a vulnerability in the WordPress WP ERP plugin (ERP/ERP) versions
CVE-2025-63008
CVE-2025-63008 describes a Missing Authorization / Broken Access Control vulnerability in the WordPress plugin WP ERP (erp) , affecting versions up to and including 1.16.7 . The issue arises from incorrectly configured access control security levels, allowing unauthorized access to certain functi...
CVE-2025-63008 WordPress WP ERP plugin <= 1.16.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in weDevs WP ERP erp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP ERP: from n/a through = 1.16.7...
CVE-2020-36735
The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.3. This is due to missing or incorrect nonce validation on the handleleavecalendarfilter,...
WordPress WP ERP plugin < 1.13.4 - Custom+ Unauthorized Access to Terminated Employee Information vulnerability
Custom+ Unauthorized Access to Terminated Employee Information vulnerability discovered by Pedro Cuco Illex in WordPress Plugin WP ERP versions 1.13.4...
CVE-2024-12808
The CVE-2024-12808 entry concerns the WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting WordPress plugin (versions before 1.13.4). According to connected documents, the vulnerability is a Stored Cross-Site Scripting (Stored XSS) flaw caused by insufficie...
CVE-2024-12812
CVE-2024-12812 affects the WP ERP plugin for WordPress (WooCommerce CRM & Accounting), specifically versions prior to 1.13.4. The issue is an IDOR that lets authenticated users manipulate parameters to access data of terminated employees. The root cause is improper access control around parameter...
CVE-2024-12808 WP ERP | Complete HR solution with recruitment < 1.13.4 - Admin+ Stored XSS
The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting WordPress plugin before 1.13.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the...
WordPress plugin WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress plugin WP ERP | Complete HR solution...
WordPress WP ERP plugin <= 1.13.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by theviper17 in WordPress Plugin WP ERP versions = 1.13.4...
WordPress plugin WP ERP 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
CVE-2024-6666
The WP ERP plugin for WordPress is vulnerable to SQL Injection via the ‘vendorid’ and 'status' parameter in all versions up to, and including, 1.13.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible fo...
CVE-2024-0608
The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to union-based SQL Injection via the 'email' parameter in all versions up to, and including, 1.13.1 due to insufficient escaping on the user supplied parameter and...
WordPress WP ERP plugin <= 1.13.2 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Le Ngoc Anh Patchstack Alliance in WordPress Plugin WP ERP versions = 1.13.2...