VYPR

Wp Human Resource Management

by WordPress

CVEs (5)

  • CVE-2017-14848HigOct 3, 2017
    risk 0.60cvss 8.8epss 0.03

    WPHRM Human Resource Management System for WordPress 1.0 allows SQL Injection via the employee_id parameter.

  • CVE-2025-5953Jul 4, 2025
    risk 0.00cvss epss 0.00

    The WP Human Resource Management plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization in the ajax_insert_employee() and update_empoyee() functions in versions 2.0.0 through 2.2.17. The AJAX handler reads the client-supplied $_POST['role'] and,…

  • CVE-2025-5956Jul 4, 2025
    risk 0.00cvss epss 0.00

    The WP Human Resource Management plugin for WordPress is vulnerable to Arbitrary User Deletion due to a missing authorization within the ajax_delete_employee() function in versions 2.0.0 through 2.2.17. The plugin’s deletion handler reads the client-supplied $_POST['delete']…

  • CVE-2019-9574Mar 5, 2019
    risk 0.00cvss epss 0.02

    The WP Human Resource Management plugin before 2.2.6 for WordPress does not ensure that a leave modification occurs in the context of the Administrator or HR Manager role.

  • CVE-2019-9573Mar 5, 2019
    risk 0.00cvss epss 0.02

    The WP Human Resource Management plugin before 2.2.6 for WordPress mishandles leave applications.