Wp ERP | Complete Hr Solution With Recruitment & Job Listings | Woocommerce CRM & Accounting
Sign in to watchby Unknown
CVEs (4)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-2744 | 0.02 | — | 0.28 | Jun 27, 2023 | The ERP WordPress plugin before 1.12.4 does not properly sanitise and escape the `type` parameter in the `erp/v1/accounting/v1/people` REST API endpoint before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. | ||
| CVE-2024-12812 | 0.00 | — | 0.00 | May 15, 2025 | The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting WordPress plugin before 1.13.4 is affected by an IDOR issue where employees can manipulate parameters to access the data of terminated employees. | ||
| CVE-2024-12808 | 0.00 | — | 0.00 | May 15, 2025 | The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting WordPress plugin before 1.13.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||
| CVE-2023-2743 | 0.00 | — | 0.00 | Jun 27, 2023 | The ERP WordPress plugin before 1.12.4 does not sanitise and escape the employee_name parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. |