Beta

Report

WPHRM <= 1.0 is vulnerable to Authenticated SQL Injection

Published
2017-10-10

WPHRM Human Resource Management System for WordPress 1.0 allows SQL Injection via the employee_id parameter.

CVE

https://www.cve.org/CVERecord?id=CVE-2017-14848

CVSS

Score:8.8

Severity:High

Version: 1.0

There is a patch available in v1.1 and we strongly recommend you update to this version as soon as possible.