Wp Human Resource Management
by WordPress
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-14848 | | High | 0.60 | 8.8 | 0.03 | | Oct 3, 2017 | WPHRM Human Resource Management System for WordPress 1.0 allows SQL Injection via the employee_id parameter. |
| CVE-2025-5953 | | | 0.00 | — | 0.00 | | Jul 4, 2025 | The WP Human Resource Management plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization in the ajax_insert_employee() and update_empoyee() functions in versions 2.0.0 through 2.2.17. The AJAX handler reads the client-supplied $_POST['role'] and,… |
| CVE-2025-5956 | | | 0.00 | — | 0.00 | | Jul 4, 2025 | The WP Human Resource Management plugin for WordPress is vulnerable to Arbitrary User Deletion due to a missing authorization within the ajax_delete_employee() function in versions 2.0.0 through 2.2.17. The plugin’s deletion handler reads the client-supplied $_POST['delete']… |
| CVE-2019-9574 | | | 0.00 | — | 0.02 | | Mar 5, 2019 | The WP Human Resource Management plugin before 2.2.6 for WordPress does not ensure that a leave modification occurs in the context of the Administrator or HR Manager role. |
| CVE-2019-9573 | | | 0.00 | — | 0.02 | | Mar 5, 2019 | The WP Human Resource Management plugin before 2.2.6 for WordPress mishandles leave applications. |