Vulnerabilities > Wedevs > WP ERP > 1.2.10
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-02 | CVE-2023-45765 | Missing Authorization vulnerability in Wedevs WP ERP Missing Authorization vulnerability in weDevs WP ERP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP ERP: from n/a through 1.12.6. | 4.3 |
| 2023-06-27 | CVE-2023-2743 | Unspecified vulnerability in Wedevs WP ERP The ERP WordPress plugin before 1.12.4 does not sanitise and escape the employee_name parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 6.1 |