Lucene search
+L

46 matches found

CVE
CVE
added 10 hours ago8 views

CVE-2026-15349

CVE-2026-15349 affects the ERP: Complete HR, Accounting & CRM Suite Built for WooCommerce (WordPress). The vulnerability is an authorization bypass in the wp_ajax_erp-company-location AJAX handler, allowing authenticated users with subscriber-level access and higher to create arbitrary company lo...

4.3CVSS6.2AI score
Exploits0References10
Cvelist
Cvelist
added 10 hours ago8 views

CVE-2026-15349 ERP: Complete HR, Accounting & CRM Suite Built for WooCommerce <= 1.17.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Company Location Creation via wp_ajax_erp-company-location AJAX Handler

The ERP: Complete HR, Accounting & CRM Suite Built for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.17.6. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS
Exploits0References10
Patchstack
Patchstack
added 2 days ago4 views

WordPress WP ERP plugin <= 1.17.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by K. Sorrachat in WordPress Plugin WP ERP versions = 1.17.5...

5.3AI score
Exploits0Affected Software1
NVD
NVD
added 2026/07/09 8:16 a.m.5 views

CVE-2026-13011

The ERP: Complete HR, Accounting & CRM Suite with Recruitment and WooCommerce CRM Support plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions up to, and including, 1.17.5 due to insufficient escaping on the user supplied parameter and lack of...

6.5CVSS0.00269EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/09 7:55 a.m.7 views

EUVD-2026-42539

The ERP: Complete HR, Accounting & CRM Suite with Recruitment and WooCommerce CRM Support plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions up to, and including, 1.17.5 due to insufficient escaping on the user supplied parameter and lack of...

6.5CVSS6AI score0.00269EPSS
Exploits0References6
CVE
CVE
added 2026/05/22 2:28 a.m.34 views

CVE-2026-4834

The CVE-2026-4834 entry concerns the WP ERP Pro plugin for WordPress, affected up to version 1.5.1. The vulnerability is a SQL Injection via the 'search_key' parameter due to insufficient escaping and lack of proper query preparation. This allows unauthenticated attackers to append additional SQL...

7.5CVSS5.9AI score0.00273EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/13 9:31 p.m.5 views

EUVD-2026-11792

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in weDevs WP ERP erp allows SQL Injection.This issue affects WP ERP: from n/a through = 1.16.10...

8.5CVSS5.8AI score0.00308EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/13 11:41 a.m.3 views

CVE-2026-31917

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in weDevs WP ERP erp allows SQL Injection.This issue affects WP ERP: from n/a through = 1.16.10...

5.8AI score0.00308EPSS
Exploits0References2
CVE
CVE
added 2026/03/13 11:41 a.m.17 views

CVE-2026-31917

The CVE concerns the WordPress WP ERP plugin by weDevs (ERP component) with versions up to 1.16.10 exposed to SQL Injection due to improper neutralization of user input. The issue affects WP ERP from unspecified earlier versions through 1.16.10. The provided documents do not specify exploit detai...

8.5CVSS5.8AI score0.00308EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/02/03 12:34 p.m.5 views

WordPress WP ERP plugin <= 1.13.0 - Authenticated (Accounting Manager+) SQL Injection vulnerability

Authenticated Accounting Manager+ SQL Injection vulnerability discovered by Edwin Siebel edwinsiebel in WordPress Plugin WP ERP versions = 1.13.0...

7.2CVSS5.7AI score0.00615EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/18 7:22 a.m.3 views

CVE-2025-67546 WordPress WP ERP plugin <= 1.16.6 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs WP ERP erp allows Retrieve Embedded Sensitive Data.This issue affects WP ERP: from n/a through = 1.16.6...

6.5CVSS6.5AI score0.00217EPSS
Exploits0References1
CVE
CVE
added 2025/12/18 7:22 a.m.8 views

CVE-2025-67546

CVE-2025-67546 concerns a vulnerability in the WordPress WP ERP plugin (ERP/ERP) versions

6.5CVSS6.5AI score0.00217EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/09 2:52 p.m.27 views

CVE-2025-63008 WordPress WP ERP plugin <= 1.16.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in weDevs WP ERP erp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP ERP: from n/a through = 1.16.7...

5.3CVSS0.00282EPSS
Exploits0References1
CVE
CVE
added 2025/12/09 2:52 p.m.10 views

CVE-2025-63008

CVE-2025-63008 describes a Missing Authorization / Broken Access Control vulnerability in the WordPress plugin WP ERP (erp) , affecting versions up to and including 1.16.7 . The issue arises from incorrectly configured access control security levels, allowing unauthorized access to certain functi...

5.3CVSS6.6AI score0.00282EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:37 p.m.9 views

CVE-2020-36735

The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.3. This is due to missing or incorrect nonce validation on the handleleavecalendarfilter,...

4.3CVSS6.4AI score0.00458EPSS
Exploits1References1
Patchstack
Patchstack
added 2025/05/19 12:36 a.m.5 views

WordPress WP ERP plugin < 1.13.4 - Custom+ Unauthorized Access to Terminated Employee Information vulnerability

Custom+ Unauthorized Access to Terminated Employee Information vulnerability discovered by Pedro Cuco Illex in WordPress Plugin WP ERP versions 1.13.4...

7.5CVSS6.7AI score0.00444EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2025/05/15 8:6 p.m.41 views

CVE-2024-12812

CVE-2024-12812 affects the WP ERP plugin for WordPress (WooCommerce CRM & Accounting), specifically versions prior to 1.13.4. The issue is an IDOR that lets authenticated users manipulate parameters to access data of terminated employees. The root cause is improper access control around parameter...

7.5CVSS7.4AI score0.00444EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2025/05/15 8:6 p.m.15 views

CVE-2024-12808 WP ERP | Complete HR solution with recruitment < 1.13.4 - Admin+ Stored XSS

The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting WordPress plugin before 1.13.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the...

0.00266EPSS
Exploits1References1
CVE
CVE
added 2025/05/15 8:6 p.m.34 views

CVE-2024-12808

The CVE-2024-12808 entry concerns the WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting WordPress plugin (versions before 1.13.4). According to connected documents, the vulnerability is a Stored Cross-Site Scripting (Stored XSS) flaw caused by insufficie...

4.8CVSS5.4AI score0.00266EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2025/05/15 12:0 a.m.5 views

WordPress plugin WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress plugin WP ERP | Complete HR solution...

4.8CVSS4.7AI score0.00266EPSS
Exploits1References1
Rows per page
Query Builder