WordPress · WP ERP Pro · CVE-2026-4834
**Name of the Vulnerable Software and Affected Versions**
WP ERP Pro versions prior to 1.5.2
**Description**
The WP ERP Pro plugin for WordPress contains a flaw allowing unauthenticated attackers to append additional SQL queries to existing ones. This is caused by insufficient escaping of the user-supplied `search key` parameter and a lack of proper preparation of the SQL query. Successful exploitation enables the extraction of sensitive information from the database.
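The flaw class described above, next to a prepared form of the same query, as an added illustration that is not WP ERP Pro source code. The function names, the table name and the length and row limits are hypothetical, and the code assumes it is loaded inside WordPress so that `$wpdb` and the core helper functions are available.

```php
<?php
// Added illustration; not the plugin's code. Names and limits are hypothetical.

// Flaw class: the request value is concatenated into the SQL text, so a quote
// in the value ends the string literal and the remainder is parsed as SQL.
function example_search_unsafe( $search ) {
    global $wpdb;
    $table = $wpdb->prefix . 'example_records'; // hypothetical table
    return $wpdb->get_results(
        "SELECT id, name FROM {$table} WHERE name LIKE '%" . $search . "%'"
    );
}

// Hardened form: the value reaches the query only as a bound %s argument.
function example_search_safe( $search ) {
    global $wpdb;
    $table = $wpdb->prefix . 'example_records'; // fixed name, never user-controlled

    // Reject non-string input (e.g. array-valued request parameters).
    if ( ! is_string( $search ) ) {
        return array();
    }

    // Undo WordPress's added slashes, strip tags and control characters.
    $term = sanitize_text_field( wp_unslash( $search ) );
    if ( '' === $term ) {
        return array();
    }
    $term = mb_substr( $term, 0, 100 ); // hypothetical length cap

    // esc_like() escapes %, _ and \ so they match literally;
    // the outer % characters are the query's own wildcards.
    $like = '%' . $wpdb->esc_like( $term ) . '%';

    // prepare() quotes and escapes each argument for its placeholder.
    $sql = $wpdb->prepare(
        "SELECT id, name FROM {$table} WHERE name LIKE %s LIMIT %d",
        $like,
        50
    );
    return $wpdb->get_results( $sql );
}
```

`esc_like()` only neutralises LIKE wildcards and does not make a value safe for SQL on its own, which is why its output is still passed through `prepare()`.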
**Recommendations**
Update to a version later than 1.5.1.
As a temporary workaround, restrict access to the `search key` parameter to minimize the risk of exploitation.