Description
WordPress Plugin WP ERP-Complete WordPress Business Manager with HR, CRM & Accounting Systems for Small Businesses is prone to a cross-site request forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application; other attacks are also possible. WordPress Plugin WP ERP-Complete WordPress Business Manager with HR, CRM & Accounting Systems for Small Businesses version 1.6.3 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.6.4 or latest
References
Related Vulnerabilities
WordPress Plugin WP Google Maps Multiple Cross-Site Scripting Vulnerabilities (6.0.26)
WordPress Plugin DW Question & Answer Security Bypass (1.2.9)
WordPress Plugin Catch Themes Demo Import Arbitrary File Upload (1.7)
WordPress Plugin Media File Manager Advanced Multiple Vulnerabilities (1.1.5)
WordPress Plugin Slideshow Gallery LITE Cross-Site Scripting (1.5.3.4)