Plugin Vulnerability Hub
Plugin | 21 known issues | Latest disclosed: Feb 05, 2026

ERP: Complete HR, Accounting & CRM Suite with WooCommerce CRM Support Vulnerabilities

Review known vulnerability records for the WordPress plugin ERP: Complete HR, Accounting & CRM Suite with WooCommerce CRM Support (`erp`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2026-31917, CVE-2025-63008 and CVE-2025-67546, so operators can jump from disclosure to patch validation without scanning the full feed first.

Known Records: 21
High or Critical: 7
Patch Coverage: 100%
Last Updated: Apr 15, 2026

Priority CVE Quick Links

Fast paths into ERP: Complete HR, Accounting & CRM Suite with WooCommerce CRM Support CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs: 20

CVE-2024-6666 | Severity: High | Patched in: 1.13.1
CVE-2024-6666 ERP: Complete HR, Accounting & CRM Suite with WooCommerce CRM Support SQL Injection

WP ERP <= 1.13.0 - Authenticated (Accounting Manager+) SQL Injection via vendor_id

CVE-2024-1173 | Severity: High | Patched in: 1.13.2
CVE-2024-1173 ERP: Complete HR, Accounting & CRM Suite with WooCommerce CRM Support SQL Injection

WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting <= 1.13.1 - Authenticated (AccountingManager+) SQL Injection

CVE-2024-0609 | Severity: High | Patched in: 1.13.2
CVE-2024-0609 ERP: Complete HR, Accounting & CRM Suite with WooCommerce CRM Support Stored Cross-Site Scripting

WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting <= 1.13.1 - Unauthenticated Stored Cross-Site Scripting

CVE-2024-0913 | Severity: High | Patched in: 1.13.1
CVE-2024-0913 ERP: Complete HR, Accounting & CRM Suite with WooCommerce CRM Support SQL Injection

WP ERP <= 1.13.0 - Authenticated (Accounting Manager+) SQL Injection

CVE-2024-0952 | Severity: High | Patched in: 1.13.0
CVE-2024-0952 ERP: Complete HR, Accounting & CRM Suite with WooCommerce CRM Support SQL Injection

WP ERP <= 1.12.9 - Authenticated (Accounting Manager+) SQL Injection via id

CVE-2024-21747 | Severity: High | Patched in: 1.12.9
CVE-2024-21747 ERP: Complete HR, Accounting & CRM Suite with WooCommerce CRM Support SQL Injection

WP ERP <= 1.12.8 - Authenticated (Accounting manager+) SQL Injection

CVE-2023-2744 | Severity: High | Patched in: 1.12.4
CVE-2023-2744 ERP: Complete HR, Accounting & CRM Suite with WooCommerce CRM Support SQL Injection

WP ERP <= 1.12.3 - Authenticated (Administrator+) SQL Injection via 'type'

CVE-2026-31917 | Severity: Medium | Patched in: 1.16.11
CVE-2026-31917 ERP: Complete HR, Accounting & CRM Suite with WooCommerce CRM Support SQL Injection

ERP <= 1.16.10 - Authenticated (Crm agent+) SQL Injection

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for ERP: Complete HR, Accounting & CRM Suite with WooCommerce CRM Support so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility: 21 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix: 0 critical and 7 high severity findings.
Recent CVEs: CVE-2026-31917, CVE-2025-63008 and CVE-2025-67546
Reference Workflow: Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.

Known Vulnerabilities

Reports for ERP: Complete HR, Accounting & CRM Suite with WooCommerce CRM Support

Sorted by latest disclosure date so newly published issues surface first.

Plugin | Severity: Medium | Patched: Yes | CVE-2026-31917
CVE-2026-31917: ERP <= 1.16.10 - Authenticated (Crm agent+) SQL Injection

The ERP plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.16.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with...

Published: Feb 05, 2026
Patched Release: 1.16.11
Affected Versions: Versions up to 1.16.10
Next Step: Update to 1.16.11 or newer if supported.

Plugin | Severity: Medium | Patched: Yes | CVE-2025-63008
CVE-2025-63008: ERP <= 1.16.7 - Missing Authorization

The ERP plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 1.16.7. This makes it possible for unauthenticated attackers to perform an unauthorized action.

Published: Dec 04, 2025
Patched Release: 1.16.8
Affected Versions: Versions up to 1.16.7
Next Step: Update to 1.16.8 or newer if supported.

Plugin | Severity: Medium | Patched: Yes | CVE-2025-67546
CVE-2025-67546: ERP <= 1.16.6 - Authenticated (Subscriber+) Information Exposure

The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.16.6. This makes it possible for authenticated attackers, with Subscriber-...

Published: Nov 26, 2025
Patched Release: 1.16.7
Affected Versions: Versions up to 1.16.6
Next Step: Update to 1.16.7 or newer if supported.

Plugin | Severity: Medium | Patched: Yes | CVE-2025-30896
CVE-2025-30896: WP ERP <= 1.13.4 - Missing Authorization

The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.13.4. This makes it possible for auth...

Published: Mar 27, 2025
Patched Release: 1.14.0
Affected Versions: Versions up to 1.13.4
Next Step: Update to 1.14.0 or newer if supported.

Plugin | Severity: Medium | Patched: Yes | CVE-2024-12812
CVE-2024-12812: WP ERP <= 1.13.3 - Authenticated (Employee+) Insecure Direct Object Reference

The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.13.3 via the profile page due to missing validation on a user controlled...

Published: Mar 03, 2025
Patched Release: 1.13.4
Affected Versions: Versions up to 1.13.3
Next Step: Update to 1.13.4 or newer if supported.

Plugin | Severity: Medium | Patched: Yes | CVE-2024-12808
CVE-2024-12808: WP ERP <= 1.13.3 - Authenticated (Admin+) Stored Cross-Site Scripting

The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.13.3 due to insufficient input sanitization and output esc...

Published: Mar 03, 2025
Patched Release: 1.13.4
Affected Versions: Versions up to 1.13.3
Next Step: Update to 1.13.4 or newer if supported.

Plugin | Severity: Medium | Patched: Yes | CVE-2024-47640
CVE-2024-47640: WP ERP <= 1.13.2 - Reflected Cross-Site Scripting

The WP ERP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.13.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

Published: Oct 21, 2024
Patched Release: 1.13.3
Affected Versions: Versions up to 1.13.2
Next Step: Update to 1.13.3 or newer if supported.

Plugin | Severity: High | Patched: Yes | CVE-2024-6666
CVE-2024-6666: WP ERP <= 1.13.0 - Authenticated (Accounting Manager+) SQL Injection via vendor_id

The WP ERP plugin for WordPress is vulnerable to SQL Injection via the 'vendor_id' and 'status' parameters in all versions up to, and including, 1.13.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This ma...

Published: Jul 10, 2024
Patched Release: 1.13.1
Affected Versions: Versions up to 1.13.0
Next Step: Update to 1.13.1 or newer if supported.

Plugin | Severity: High | Patched: Yes | CVE-2024-1173
CVE-2024-1173: WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting <= 1.13.1 - Authenticated (AccountingManager+) SQL Injection

The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in all versions up to, and including, 1.13.1 due to insufficient escaping on the user supplied para...

Published: May 01, 2024
Patched Release: 1.13.2
Affected Versions: Versions up to 1.13.1
Next Step: Update to 1.13.2 or newer if supported.

Plugin | Severity: Medium | Patched: Yes | CVE-2024-0956
CVE-2024-0956: WP ERP <= 1.13.0 - Authenticated (AccountingManager+) SQL Injection

The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter on the erp/v1/accounting/v1/vendors/1/products/ REST route in all versions up to, and including, 1...

Published: Mar 28, 2024
Patched Release: 1.13.1
Affected Versions: Versions up to 1.13.0
Next Step: Update to 1.13.1 or newer if supported.

Plugin | Severity: High | Patched: Yes | CVE-2024-0609
CVE-2024-0609: WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting <= 1.13.1 - Unauthenticated Stored Cross-Site Scripting

The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'api_key' parameter in all versions up to, and including, 1.13.1 due to insufficient input sanitization and o...

Published: Mar 28, 2024
Patched Release: 1.13.2
Affected Versions: Versions up to 1.13.1
Next Step: Update to 1.13.2 or newer if supported.

Plugin | Severity: Medium | Patched: Yes | CVE-2024-0608
CVE-2024-0608: WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting <= 1.13.1 - Authenticated (Subscriber+) SQL Injection

The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to union-based SQL Injection via the 'email' parameter in all versions up to, and including, 1.13.1 due to insufficient escaping on the user supplie...

Published: Mar 28, 2024
Patched Release: 1.13.2
Affected Versions: Versions up to 1.13.1
Next Step: Update to 1.13.2 or newer if supported.