CVE-2025-67546

CVE-2025-67546 concerns a vulnerability in the WordPress WP ERP plugin (ERP/ERP) versions

CVE-2020-36735

The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.3. This is due to missing or incorrect nonce validation on the handleleavecalendarfilter,...

WordPress WP ERP plugin < 1.13.4 - Custom+ Unauthorized Access to Terminated Employee Information vulnerability

Custom+ Unauthorized Access to Terminated Employee Information vulnerability discovered by Pedro Cuco Illex in WordPress Plugin WP ERP versions 1.13.4...

CVE-2024-12808

The CVE-2024-12808 entry concerns the WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting WordPress plugin (versions before 1.13.4). According to connected documents, the vulnerability is a Stored Cross-Site Scripting (Stored XSS) flaw caused by insufficie...

CVE-2024-12812

CVE-2024-12812 affects the WP ERP plugin for WordPress (WooCommerce CRM & Accounting), specifically versions prior to 1.13.4. The issue is an IDOR that lets authenticated users manipulate parameters to access data of terminated employees. The root cause is improper access control around parameter...

CVE-2024-12808 WP ERP | Complete HR solution with recruitment < 1.13.4 - Admin+ Stored XSS

The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting WordPress plugin before 1.13.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the...

CVE-2024-6666

The WP ERP plugin for WordPress is vulnerable to SQL Injection via the ‘vendorid’ and 'status' parameter in all versions up to, and including, 1.13.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible fo...

CVE-2024-0608

The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to union-based SQL Injection via the 'email' parameter in all versions up to, and including, 1.13.1 due to insufficient escaping on the user supplied parameter and...

CVE-2024-6666

The WP ERP plugin for WordPress is vulnerable to SQL Injection via the ‘vendorid’ parameter in all versions up to, and including, 1.13.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticat...

WordPress WP ERP plugin <= 1.13.1 - Authenticated (AccountingManager+) SQL Injection vulnerability

Authenticated AccountingManager+ SQL Injection vulnerability discovered by Edwin Siebel edwinsiebel in WordPress Plugin WP ERP versions = 1.13.1...

WordPress WP ERP plugin <= 1.13.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Krzysztof Zając in WordPress Plugin WP ERP versions = 1.13.1...

WordPress WP ERP Plugin <= 1.12.9 is vulnerable to SQL Injection

Software WP ERP Type Plugin Vulnerable versions = 1.12.9 Fixed in 1.30.0 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-0952 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 116fb228aac5 Credits Edwin Siebel edwinsiebel Required privilege Administrator...

CVE-2024-21747 WordPress WP ERP Plugin <= 1.12.8 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in weDevs WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting.This issue affects WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CR...

CVE-2023-34008

CVE-2023-34008 affects the WordPress WP ERP plugin, with unauthenticated reflected Cross-Site Scripting (XSS) in versions

CVE-2023-34008 WordPress WP ERP Plugin <= 1.12.3 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting XSS vulnerability in weDevs WP ERP plugin = 1.12.3 versions...