Primary

Context

WP ERP WordPress Plugin Unauthorized Access to Terminated Employee Data Vulnerability

Vulnerability

A vulnerability exists in the WP ERP WordPress plugin, specifically in versions prior to 1.13.4, allowing employees to manipulate parameters and access data belonging to terminated employees. This issue arises from inadequate access controls, enabling unauthorized retrieval of sensitive information.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive information regarding terminated employees, potentially including personal and employment-related data.

Remediation

Users are advised to update the WP ERP WordPress plugin to version 1.13.4 or later.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

6.6

remediation

7.7

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

6.6

remediation

7.7

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

WP ERP WordPress Plugin Unauthorized Access to Terminated Employee Data Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating