Vulnerabilities > Wedevs > WP ERP > 1.3.10

DATE CVE VULNERABILITY TITLE RISK
2025-01-02 CVE-2023-45765 Missing Authorization vulnerability in Wedevs WP ERP
Missing Authorization vulnerability in weDevs WP ERP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP ERP: from n/a through 1.12.6.
network
low complexity
wedevs CWE-862
4.3
4.3
2024-03-29 CVE-2024-0609 Cross-site Scripting vulnerability in Wedevs WP ERP
The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'api_key' parameter in all versions up to, and including, 1.12.9 due to insufficient input sanitization and output escaping.
network
low complexity
wedevs CWE-79
6.1
6.1