What the vulnerability does
Description
Missing Authorization vulnerability in weDevs WP ERP erp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP ERP: from n/a through <= 1.13.4.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Explanation of Vulnerability in Simple Terms
WP ERP versions up to 1.13.4 lack proper authorization checks, allowing authenticated users with low privileges to modify data or disrupt site operations. An attacker with a basic user account can alter records or cause temporary unavailability without requiring additional interaction. Update to a version newer than 1.13.4 to resolve this issue.
What an attacker can do
Modify data or cause temporary unavailability of the ERP system.
Potential impact on your site
Unauthorized changes to ERP records and potential service disruption affecting business operations.
Conditions required to exploit
Attacker must have a low-privilege user account on the WordPress site.