CVE-2023-2744

Published: 27/06/2023 Updated: 07/11/2023
CVSS v3 Base Score: 7.2 | Impact Score: 5.9 | Exploitability Score: 1.2
VMScore: 0

Vulnerability Summary

The ERP WordPress plugin prior to 1.12.4 does not properly sanitise and escape the `type` parameter in the `erp/v1/accounting/v1/people` REST API endpoint before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.

Vulnerable Product

wedevs wp erp

Exploits

WordPress WP ERP plugin versions 1.12.2 and below suffer from a remote SQL injection vulnerability ...

Github Repositories

Mass CVE-2023-2744

Exploit Title: WP Plugins WP ERP <= 1.12.2 - SQL Injection
Date: 15-10-2023
Exploit Author: Arvandy
Software Link: wordpress.org/plugins/erp/
Vendor Homepage: wperp.com/
Version: 1.12.2
Tested on: Windows, Linux
CVE: CVE-2023-2744

Product Description
WP ERP is the first full-fledged ERP (Enterprise Resource Planning) system through which you can simultane