Log out
Get PRO

Latest

Input validation vulnerability in WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting 1.12.9

  • Severity: high-risk
  • Status: Open
  • Publication: March 28, 2024

The WP ERP plugin for WordPress, which helps with HR and job listings, is at risk for a type of hacking called time-based SQL Injection. This is because the plugin does not properly secure the id parameter in version 1.12.9 and earlier. This means that someone with certain levels of access to the plugin could add their own code to the existing code and potentially access sensitive information from the database.

Detected in:

WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting open vulnerable versions: >= * <= 1.12.9

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.