VYPR

Hr Press Lite

by WordPress

CVEs (1)

  • CVE-2026-2720MedMar 21, 2026
    risk 0.42cvss 6.5epss 0.00

    The Hr Press Lite plugin for WordPress is vulnerable to unauthorized access of sensitive employee data due to a missing capability check on the `hrp-fetch-employees` AJAX action in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with…