PT-2026-42719 · WordPress · Wp Erp Pro

Kudakwashe Savanhu

·

Published

2026-05-22

·

Updated

2026-05-28

·

CVE-2026-4834

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions WP ERP Pro versions prior to 1.5.2
Description The WP ERP Pro plugin for WordPress contains a flaw allowing unauthenticated attackers to append additional SQL queries to existing ones. This is caused by insufficient escaping of the user-supplied search key parameter and a lack of proper preparation of the SQL query. Successful exploitation enables the extraction of sensitive information from the database.
Recommendations Update to a version later than 1.5.1. As a temporary workaround, restrict access to the search key parameter to minimize the risk of exploitation.

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-4834

Affected Products

Wp Erp Pro