Wedevs

Wp Erp

18 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2025-63008

  • EPSS 0.04%
  • Veröffentlicht 09.12.2025 14:52:27
  • Zuletzt bearbeitet 10.12.2025 17:15:53

Missing Authorization vulnerability in weDevs WP ERP erp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP ERP: from n/a through <= 1.16.7.

7.5

CVE-2024-12812

Exploit
  • EPSS 0.07%
  • Veröffentlicht 15.05.2025 20:15:37
  • Zuletzt bearbeitet 22.08.2025 15:15:30

The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting WordPress plugin before 1.13.4 is affected by an IDOR issue where employees can manipulate parameters to access the data of terminated employees.

4.8

CVE-2024-12808

Exploit
  • EPSS 0.03%
  • Veröffentlicht 15.05.2025 20:15:37
  • Zuletzt bearbeitet 10.06.2025 12:29:25

The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting WordPress plugin before 1.13.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored ...

5.4

CVE-2025-30896

  • EPSS 0.07%
  • Veröffentlicht 27.03.2025 10:55:47
  • Zuletzt bearbeitet 27.03.2025 16:45:12

Missing Authorization vulnerability in weDevs WP ERP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP ERP: from n/a through 1.13.4.

4.3

CVE-2023-45765

  • EPSS 0.14%
  • Veröffentlicht 02.01.2025 12:15:09
  • Zuletzt bearbeitet 31.01.2025 16:50:21

Missing Authorization vulnerability in weDevs WP ERP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP ERP: from n/a through 1.12.6.

6.1

CVE-2024-47640

  • EPSS 0.4%
  • Veröffentlicht 29.10.2024 14:15:06
  • Zuletzt bearbeitet 31.10.2024 17:39:28

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in weDevs WP ERP allows Reflected XSS.This issue affects WP ERP: from n/a through 1.13.2.

8.8

CVE-2024-6666

  • EPSS 0.81%
  • Veröffentlicht 11.07.2024 07:15:07
  • Zuletzt bearbeitet 21.11.2024 09:50:05

The WP ERP plugin for WordPress is vulnerable to SQL Injection via the ‘vendor_id’ parameter in all versions up to, and including, 1.13.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing S...

7.2

CVE-2024-1173

  • EPSS 1.07%
  • Veröffentlicht 02.05.2024 17:15:10
  • Zuletzt bearbeitet 30.01.2025 15:55:07

The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in all versions up to, and including, 1.13.1 due to insufficient esca...

7.2

CVE-2024-0952

  • EPSS 1.72%
  • Veröffentlicht 09.04.2024 19:15:15
  • Zuletzt bearbeitet 30.01.2025 15:54:44

The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in all versions up to, and including, 1.12.9 due to insufficient esca...

7.2

CVE-2024-0956

  • EPSS 0.68%
  • Veröffentlicht 29.03.2024 07:15:42
  • Zuletzt bearbeitet 30.01.2025 15:54:22

The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter via the erp/v1/accounting/v1/vendors/1/products/ REST route in all ve...