
CVE-2025-30896 – WordPress WP ERP plugin <= 1.13.4 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2025-30896
27 Mar 2025 — Missing Authorization vulnerability in weDevs WP ERP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP ERP: from n/a through 1.13.4. The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.13.4. This makes it possible for authenticated attackers, with Subscriber-level access and ... • https://patchstack.com/database/wordpress/plugin/erp/vulnerability/wordpress-wp-erp-plugin-1-13-4-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •

CVE-2025-24594 – WordPress Linet ERP-Woocommerce Integration plugin <= 3.5.7 - CSRF to Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2025-24594
24 Jan 2025 — Missing Authorization vulnerability in Speedcomp Linet ERP-Woocommerce Integration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Linet ERP-Woocommerce Integration: from n/a through 3.5.7. The Linet ERP-Woocommerce Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.7. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an... • https://patchstack.com/database/wordpress/plugin/linet-erp-woocommerce-integration/vulnerability/wordpress-linet-erp-woocommerce-integration-plugin-3-5-7-csrf-to-broken-access-control-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) CWE-862: Missing Authorization •

CVE-2024-44756
https://notcve.org/view.php?id=CVE-2024-44756
18 Nov 2024 — NUS-M9 ERP Management Software v3.0.0 was discovered to contain a SQL injection vulnerability via the usercode parameter at /UserWH/checkLogin. • https://github.com/WarmBrew/web_vul/blob/main/CVES/CVE-2024-44756.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2024-47640 – WordPress WP ERP plugin <= 1.13.2 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-47640
21 Oct 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in weDevs WP ERP allows Reflected XSS. This issue affects WP ERP: from n/a through 1.13.2. The WP ERP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.13.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully tri... • https://patchstack.com/database/vulnerability/erp/wordpress-wp-erp-plugin-1-13-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-45765 – WordPress WP ERP plugin <= 1.12.6 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-45765
12 Oct 2023 — Missing Authorization vulnerability in weDevs WP ERP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP ERP: from n/a through 1.12.6. The WP ERP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple admin notice dismissal functions in versions up to, and including, 1.12.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to dismiss admin notifications. • https://patchstack.com/database/wordpress/plugin/erp/vulnerability/wordpress-wp-erp-plugin-1-12-6-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •

CVE-2022-3944 – jerryhanjj ERP Commodity Management inventory.php uploadImages unrestricted upload
https://notcve.org/view.php?id=CVE-2022-3944
11 Nov 2022 — A vulnerability was found in jerryhanjj ERP. It has been declared as critical. Affected by this vulnerability is the function uploadImages of the file application/controllers/basedata/inventory.php of the component Commodity Management. The manipulation leads to unrestricted upload. The attack can be launched remotely. • https://github.com/jerryhanjj/ERP/issues/3 • CWE-266: Incorrect Privilege Assignment CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2022-3118 – Sourcecodehero ERP System Project processlogin.php sql injection
https://notcve.org/view.php?id=CVE-2022-3118
04 Sep 2022 — A vulnerability was found in Sourcecodehero ERP System Project. It has been rated as critical. This issue affects some unknown processing of the file /pages/processlogin.php. The manipulation of the argument user leads to sql injection. The attack may be initiated remotely. • https://s2.loli.net/2022/09/02/N4FESXldmKWvQOw.png • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2022-28930
https://notcve.org/view.php?id=CVE-2022-28930
15 May 2022 — ERP-Pro v3.7.5 was discovered to contain a SQL injection vulnerability via the component /base/SysEveMenuAuthPointMapper.xml. • https://gitee.com/doc_wei01/erp-pro/issues/I515R4 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2021-46113
https://notcve.org/view.php?id=CVE-2021-46113
25 Jan 2022 — In MartDevelopers KEA-Hotel-ERP open source as of 12-31-2021, a remote code execution vulnerability can be exploited by uploading PHP files using the file upload vulnerability in this service. • https://blog.pocas.kr/posts/rce-KEA-Hotel-ERP • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2019-1010028
https://notcve.org/view.php?id=CVE-2019-1010028
15 Jul 2019 — phpscriptsmall.com School College Portal with ERP Script 2.6.1 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Attack administrators and teachers, students and more. The component is: /pro-school/index.php?student/message/send_reply/. The attack vector is: <img src=x onerror=alert(document.domain) />. • https://whitehatck01.blogspot.com/2018/02/school-college-portal-with-erp-script.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •