Wp Erp@* Security Vulnerabilities and Issues — Wp Erp@* CVE List

Lucene search

WedevsWp Erp*

4 matches found

CVE•added 2023/06/27 2:15 p.m.•48 views

CVE-2023-2744

The ERP WordPress plugin before 1.12.4 does not properly sanitise and escape the type parameter in the erp/v1/accounting/v1/people REST API endpoint before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.

7.2CVSS7.1AI score0.25563EPSS

CVE•added 2023/06/27 2:15 p.m.•37 views

CVE-2023-2743

The ERP WordPress plugin before 1.12.4 does not sanitise and escape the employee_name parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

6.1CVSS6AI score0.00111EPSS

CVE•added 2023/08/30 3:15 p.m.•33 views

CVE-2023-34008

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in weDevs WP ERP plugin

7.1CVSS6AI score0.0007EPSS

CVE•added 2023/07/01 3:15 a.m.•31 views

CVE-2020-36735

The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.3. This is due to missing or incorrect nonce validation on the handle_leave_calendar_filter, add_en...

4.3CVSS4.2AI score0.00135EPSS