Wedevs

Wp Erp

20 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.2

CVE-2024-0952

  • EPSS 1.72%
  • Veröffentlicht 09.04.2024 19:15:15
  • Zuletzt bearbeitet 08.04.2026 19:19:19

The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in all versions up to, and including, 1.12.9 due to insufficient esca...

4.9

CVE-2024-0956

  • EPSS 1%
  • Veröffentlicht 29.03.2024 07:15:42
  • Zuletzt bearbeitet 08.04.2026 19:19:19

The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter via the erp/v1/accounting/v1/vendors/1/products/ REST route in all ve...

7.2

CVE-2024-0913

  • EPSS 1.06%
  • Veröffentlicht 29.03.2024 07:15:42
  • Zuletzt bearbeitet 08.04.2026 18:19:00

The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the erp/v1/accounting/v1/transactions/sales REST API endpoint in all versions up to, a...

6.1

CVE-2024-0609

  • EPSS 2.51%
  • Veröffentlicht 29.03.2024 07:15:41
  • Zuletzt bearbeitet 08.04.2026 18:18:53

The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'api_key' parameter in all versions up to, and including, 1.13.1 due to insuffi...

6.5

CVE-2024-0608

  • EPSS 0.6%
  • Veröffentlicht 29.03.2024 07:15:41
  • Zuletzt bearbeitet 08.04.2026 18:18:53

The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to union-based SQL Injection via the 'email' parameter in all versions up to, and including, 1.13.1 due to insufficien...

4.9

CVE-2024-21747

  • EPSS 0.28%
  • Veröffentlicht 08.01.2024 17:15:08
  • Zuletzt bearbeitet 21.11.2024 08:54:56

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting.This issue affects WP ERP | Complete HR solution...

6.1

CVE-2023-34008

Exploit
  • EPSS 0.07%
  • Veröffentlicht 30.08.2023 15:15:08
  • Zuletzt bearbeitet 21.11.2024 08:06:23

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in weDevs WP ERP plugin <= 1.12.3 versions.

4.3

CVE-2020-36735

Exploit
  • EPSS 0.13%
  • Veröffentlicht 01.07.2023 03:15:15
  • Zuletzt bearbeitet 08.04.2026 17:16:35

The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.3. This is due to missing or incorrect nonce valid...

6.1

CVE-2023-2743

Exploit
  • EPSS 0.15%
  • Veröffentlicht 27.06.2023 14:15:11
  • Zuletzt bearbeitet 05.05.2025 16:15:37

The ERP WordPress plugin before 1.12.4 does not sanitise and escape the employee_name parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

7.2

CVE-2023-2744

Exploit
  • EPSS 28.23%
  • Veröffentlicht 27.06.2023 14:15:11
  • Zuletzt bearbeitet 21.11.2024 07:59:12

The ERP WordPress plugin before 1.12.4 does not properly sanitise and escape the `type` parameter in the `erp/v1/accounting/v1/people` REST API endpoint before using it in a SQL statement, leading to a SQL injection exploitable by high privilege user...