2 matches found
CVE-2024-6666
The WP ERP plugin for WordPress is vulnerable to SQL Injection via the ‘vendorid’ and 'status' parameter in all versions up to, and including, 1.13.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible fo...
PT-2024-37787 · WordPress · Wp Erp
Name of the Vulnerable Software and Affected Versions: WP ERP plugin for WordPress versions up to, and including, 1.13.0 Description: The issue is related to SQL Injection via the vendor id parameter due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on...