VYPR

ERP

by WordPress

CVEs (9)

  • CVE-2025-2705 · High · Mar 24, 2025
    risk 0.47 · cvss 7.3 · epss 0.00

    A vulnerability classified as critical has been found in Digiwin ERP 5.1. Affected is the function DoUpload/DoWebUpload of the file /Api/FileUploadApi.ashx. The manipulation of the argument File leads to unrestricted upload. It is possible to launch the attack remotely. The…

  • CVE-2025-67546 · Med · Dec 18, 2025
    risk 0.42 · cvss 6.5 · epss 0.00

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs WP ERP erp allows Retrieve Embedded Sensitive Data. This issue affects WP ERP: from n/a through <= 1.16.6.

  • CVE-2025-2706 · Med · Mar 24, 2025
    risk 0.41 · cvss 6.3 · epss 0.00

    A vulnerability classified as critical was found in Digiwin ERP 5.0.1. Affected by this vulnerability is an unknown functionality of the file /Api/TinyMce/UploadAjaxAPI.ashx. The manipulation of the argument File leads to unrestricted upload. The attack can be launched remotely.…

  • CVE-2025-63008 · Med · Dec 9, 2025
    risk 0.27 · cvss 5.3 · epss 0.00

    Missing Authorization vulnerability in weDevs WP ERP erp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP ERP: from n/a through <= 1.16.7.

  • CVE-2023-2744 · Jun 27, 2023
    risk 0.02 · cvss · epss 0.03

    The ERP WordPress plugin before 1.12.4 does not properly sanitise and escape the `type` parameter in the `erp/v1/accounting/v1/people` REST API endpoint before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.

  • CVE-2023-2743 · Jun 27, 2023
    risk 0.00 · cvss · epss 0.00

    The ERP WordPress plugin before 1.12.4 does not sanitise and escape the employee_name parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

  • CVE-2022-34001 · Jul 19, 2022
    risk 0.00 · cvss · epss 0.01

    Unit4 ERP through 7.9 allows XXE via ExecuteServerProcessAsynchronously.

  • CVE-2021-30112 · Apr 8, 2021
    risk 0.00 · cvss · epss 0.01

    Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vulnerability that allows a remote attacker to create a student_leave_application request through module/core/studentleaveapplication/create. The application fails to validate the CSRF token for a POST request…

  • CVE-2021-30114 · Apr 8, 2021
    risk 0.00 · cvss · epss 0.01

    Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vulnerability that allows a remote attacker to create a voucher payment request through module/accounting/voucher/create. The application fails to validate the CSRF token for a POST request using admin privilege.