CVE-2026-31917

The CVE concerns the WordPress WP ERP plugin by weDevs (ERP component) with versions up to 1.16.10 exposed to SQL Injection due to improper neutralization of user input. The issue affects WP ERP from unspecified earlier versions through 1.16.10. The provided documents do not specify exploit detai...

CVE-2025-63008 WordPress WP ERP plugin <= 1.16.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in weDevs WP ERP erp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP ERP: from n/a through = 1.16.7...

CVE-2023-34383

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in weDevs WP Project Manager wedevs-project-manager allows SQL Injection.This issue affects WP Project Manager: from n/a through 2.6.0...

CVE-2023-40003

Missing Authorization vulnerability in weDevs WP Project Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Project Manager: from n/a through 2.6.7...

PT-2023-31399 · Wedevs · Wedevs Wp Project Manager

Name of the Vulnerable Software and Affected Versions: weDevs WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts versions through 2.6.7 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known ...

PT-2023-22066 · Wedevs · Wedevs Happy Addons For Elementor

Name of the Vulnerable Software and Affected Versions: weDevs Happy Addons for Elementor plugin versions = 3.8.2 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions o...