VYPR
Vendor

Wp ERP

Products
1
CVEs
7
Across products
7
Status
Private

Products

1

Recent CVEs

7
  • CVE-2024-42565CriAug 20, 2024
    risk 0.64cvss 9.8epss 0.01

    ERP commit 44bd04 was discovered to contain a SQL injection vulnerability via the id parameter at /index.php/basedata/contact/delete?action=delete.

  • CVE-2024-42563CriAug 20, 2024
    risk 0.64cvss 9.8epss 0.01

    An arbitrary file upload vulnerability in ERP commit 44bd04 allows attackers to execute arbitrary code via uploading a crafted HTML file.

  • CVE-2024-12812HigMay 15, 2025
    risk 0.49cvss 7.5epss 0.00

    The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting WordPress plugin before 1.13.4 is affected by an IDOR issue where employees can manipulate parameters to access the data of terminated employees.

  • CVE-2024-42564HigAug 20, 2024
    risk 0.49cvss 7.6epss 0.00

    ERP commit 44bd04 was discovered to contain a SQL injection vulnerability via the id parameter at /index.php/basedata/inventory/delete?action=delete.

  • CVE-2023-2744HigJun 27, 2023
    risk 0.47cvss 7.2epss 0.03

    The ERP WordPress plugin before 1.12.4 does not properly sanitise and escape the `type` parameter in the `erp/v1/accounting/v1/people` REST API endpoint before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.

  • CVE-2023-2743MedJun 27, 2023
    risk 0.40cvss 6.1epss 0.00

    The ERP WordPress plugin before 1.12.4 does not sanitise and escape the employee_name parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

  • CVE-2024-12808MedMay 15, 2025
    risk 0.24cvss 4.8epss 0.00

    The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting WordPress plugin before 1.13.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks…