WordPress WP ERP plugin < 1.13.4 - Custom+ Unauthorized Access to Terminated Employee Information vulnerability

Custom+ Unauthorized Access to Terminated Employee Information vulnerability discovered by Pedro Cuco Illex in WordPress Plugin WP ERP versions 1.13.4...

WordPress WP ERP Plugin <= 1.12.9 is vulnerable to SQL Injection

Software WP ERP Type Plugin Vulnerable versions = 1.12.9 Fixed in 1.30.0 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-0952 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 116fb228aac5 Credits Edwin Siebel edwinsiebel Required privilege Administrator...