cleantalk
Vulnerabilities and Security Researches

WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting, CVE-2024-12808

CVE, Research URL

CVE-2024-12808

Home page URL

Security reports for WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting

Application

WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting

Published on
May 16, 2025
Research Description
The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting WordPress plugin before 1.13.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Affected versions
Min -, max 1.13.4.
Status
vulnerable
Previous vulnerability researches
Subaccounts for WooCommerce (CVE-2025-47461) , May 16, 2025
Subaccounts for WooCommerce (CVE-2024-11370) , Nov 23, 2024
Subaccounts for WooCommerce (d549139954f92cf6ed7fd0d234e19d2257f78ba1) , Jun 07, 2024
New vulnerability
Posts per Cat [Unmaintained] (CVE-2025-4169) , May 17, 2025
HD Quiz (CVE-2024-13383) , May 17, 2025
AffiliateImporterEb (CVE-2024-12733) , May 17, 2025
AffiliateImporterEb (CVE-2024-12732) , May 17, 2025
Broadstreet (CVE-2025-48113) , May 17, 2025