The WordPress ERP plugin in versions up to 1.12.4 is vulnerable to SQL Injection. Attackers with administrator-level access or higher can use this vulnerability to extract sensitive information from the database. The vulnerability is caused by the lack of sufficient preparation on an existing SQL query and insufficient escaping of the user-supplied parameter.
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:
> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
Is this information incorrect? Please leave us a message.
