Vulnerabilities > Wedevs > WP ERP > 1.12.9
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-29 | CVE-2024-47640 | Cross-site Scripting vulnerability in Wedevs WP ERP Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in weDevs WP ERP allows Reflected XSS.This issue affects WP ERP: from n/a through 1.13.2. | 6.1 |
| 2024-03-29 | CVE-2024-0609 | Cross-site Scripting vulnerability in Wedevs WP ERP The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'api_key' parameter in all versions up to, and including, 1.12.9 due to insufficient input sanitization and output escaping. | 6.1 |