Lucene search
+L

5 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 3:31 a.m.12 views

CVE-2023-2743

The ERP WordPress plugin before 1.12.4 does not sanitise and escape the employeename parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS6AI score0.00486EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:48 a.m.14 views

CVE-2023-2744

The ERP WordPress plugin before 1.12.4 does not properly sanitise and escape the type parameter in the erp/v1/accounting/v1/people REST API endpoint before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...

7.2CVSS7.3AI score0.02632EPSS
Exploits5References1
CVE
CVE
added 2023/06/27 1:17 p.m.70 views

CVE-2023-2744

CVE-2023-2744 affects the WP ERP WordPress plugin pre-1.12.4. The vulnerability is a SQL injection in the REST endpoint erp/v1/accounting/v1/people where the type parameter is not properly sanitized/escaped before use in a SQL statement, allowing high-privilege users (e.g., admins) to potentially...

7.2CVSS7.1AI score0.02632EPSS
Exploits5References2Affected Software1
OSV
OSV
added 2023/06/27 1:17 p.m.12 views

CVE-2023-2744 WP ERP < 1.12.4 - Admin+ SQL Injection

The ERP WordPress plugin before 1.12.4 does not properly sanitise and escape the type parameter in the erp/v1/accounting/v1/people REST API endpoint before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...

7.2CVSS7.1AI score0.02632EPSS
Exploits5References5
OSV
OSV
added 2023/06/27 1:17 p.m.10 views

CVE-2023-2743 WP ERP < 1.12.4 - Reflected Cross-Site Scripting

The ERP WordPress plugin before 1.12.4 does not sanitise and escape the employeename parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS5.9AI score0.00486EPSS
Exploits2References4
Rows per page
Query Builder