CVE-2024-12812
📋 TL;DR
This vulnerability in the WP ERP WordPress plugin lets an authenticated employee read terminated employees' records by changing a parameter in a request, an insecure direct object reference (IDOR). It affects WordPress sites running WP ERP versions before 1.13.4.
💻 Affected Systems
- WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting WordPress plugin
📦 What is this software?
WP ERP by weDevs
⚠️ Risk & Real-World Impact
Worst Case
Employees could access sensitive terminated employee data including personal information, salary details, performance reviews, and confidential HR records, potentially leading to data breaches, privacy violations, and regulatory compliance issues.
Likely Case
Employees with malicious intent could access terminated colleagues' personal information and employment records, potentially using this data for identity theft, harassment, or corporate espionage.
If Mitigated
With proper access controls and monitoring, impact would be limited to attempted unauthorized access that is detected and blocked, with minimal data exposure.
🎯 Exploit Status
Exploitation requires an authenticated employee account. The attack is simple parameter manipulation in requests for employee records, changing the employee identifier to that of a terminated employee.
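The bug class described above, as an added example that is not WP ERP's code: a minimal PHP model of an employee-record handler in its vulnerable form, where being logged in is the only gate, beside a hardened form that authorizes the specific record requested. The function names, the `manage_hr_records` capability and the sample HR table are assumptions made for the example; inside a real plugin the capability check would be WordPress's `current_user_can()` and the viewer id would come from `get_current_user_id()`.

```php
<?php
// Added example (not WP ERP's own code).  It models the bug class behind
// CVE-2024-12812: the handler only checks that the caller is logged in, so a
// user who changes the employee_id parameter receives another employee's
// record, terminated ones included.  Function names, the 'manage_hr_records'
// capability and the sample HR table are constructed placeholders.

// Constructed sample HR table; 'user_id' is the WordPress user who owns the record.
function example_employees(): array {
    return [
        101 => [ 'user_id' => 7, 'name' => 'Alice', 'status' => 'active' ],
        102 => [ 'user_id' => 8, 'name' => 'Bob',   'status' => 'terminated' ],
    ];
}

function example_load_employee( int $employee_id ): ?array {
    return example_employees()[ $employee_id ] ?? null;
}

// VULNERABLE: authentication is the only gate, so any logged-in user can walk
// employee ids and read every record.  $viewer_id is null when not logged in.
function example_get_employee_vulnerable( ?int $viewer_id, array $params ): array {
    if ( $viewer_id === null ) {
        return [ 'status' => 401, 'body' => 'login required' ];
    }
    $employee = example_load_employee( (int) ( $params['employee_id'] ?? 0 ) );
    if ( ! $employee ) {
        return [ 'status' => 404, 'body' => 'not found' ];
    }
    return [ 'status' => 200, 'body' => $employee ];   // no ownership or status check
}

// Object-level authorization: decide about the *specific* record requested.
// $has_cap is a capability check; inside WordPress pass 'current_user_can'.
function example_can_view_employee( int $viewer_id, array $employee, callable $has_cap ): bool {
    if ( $has_cap( 'manage_hr_records' ) ) {   // placeholder capability for HR staff
        return true;
    }
    // Ordinary employees: only their own record, and only while it is active.
    return (int) $employee['user_id'] === $viewer_id && $employee['status'] !== 'terminated';
}

// HARDENED: authenticate, then authorize against the record actually requested.
function example_get_employee_hardened( ?int $viewer_id, array $params, callable $has_cap ): array {
    if ( $viewer_id === null ) {
        return [ 'status' => 401, 'body' => 'login required' ];
    }
    $employee = example_load_employee( (int) ( $params['employee_id'] ?? 0 ) );
    // A denied record and a missing record get the same answer, so the response
    // does not reveal which ids exist.
    if ( ! $employee || ! example_can_view_employee( $viewer_id, $employee, $has_cap ) ) {
        return [ 'status' => 404, 'body' => 'not found' ];
    }
    return [ 'status' => 200, 'body' => $employee ];
}

// Standalone run: user 7 (Alice, a plain employee with no HR capability) asks for
// record 102, Bob's terminated record, by changing the parameter.
$plain_employee = fn( string $cap ): bool => false;
$hr_manager     = fn( string $cap ): bool => $cap === 'manage_hr_records';
$request        = [ 'employee_id' => '102' ];

foreach ( [
    'vulnerable handler, employee' => example_get_employee_vulnerable( 7, $request ),
    'hardened handler, employee'   => example_get_employee_hardened( 7, $request, $plain_employee ),
    'hardened handler, HR manager' => example_get_employee_hardened( 7, $request, $hr_manager ),
    'hardened handler, own record' => example_get_employee_hardened( 7, [ 'employee_id' => '101' ], $plain_employee ),
] as $label => $response ) {
    printf( "%-30s HTTP %d %s\n", $label, $response['status'], json_encode( $response['body'] ) );
}
```

Run with `php` on its own: the vulnerable handler hands Alice the terminated record, the hardened handler refuses it for a plain employee, allows it for the HR capability, and still allows Alice her own active record. The point of the design is that the authorization decision takes the loaded record as input; a check made before the record is known (role only, or "is logged in") cannot distinguish a terminated colleague's record from the caller's own.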
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.13.4
Vendor Advisory: https://wpscan.com/vulnerability/757e76fd-830f-4d1c-8b89-dfad7c9c1f37/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the 'WP ERP' plugin.
4. Click 'Update Now' if an update is available.
5. If no update shows, download version 1.13.4 or later from WordPress.org and update manually.
🔧 Temporary Workarounds
Temporary Access Restriction
Restrict employee access to terminated employee data sections until the patch is applied
Enhanced Monitoring
Implement additional logging and monitoring for access to terminated employee records
🧯 If You Can't Patch
- Implement strict access controls and review all employee data access permissions
- Enable detailed logging of all employee data access attempts and implement real-time monitoring
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins → WP ERP version. If the version is below 1.13.4, the site is vulnerable.
Check Version:
wp plugin list --name=erp --field=version
(erp is the WP ERP plugin's slug; the --name filter matches the slug, not the display name)
Verify Fix Applied:
After updating, verify that the WP ERP plugin version shows 1.13.4 or higher in the WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- Unusual access patterns to terminated employee records
- Multiple failed attempts to access unauthorized employee data
- Parameter manipulation in employee data requests
Network Indicators:
- Unusual API calls to employee data endpoints from employee accounts
- Requests with manipulated employee ID parameters
SIEM Query:
source="wordpress" AND (event="employee_data_access" AND status="success" AND user_role="employee" AND target_status="terminated")
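For the SIEM query above to return anything, the site has to emit those fields, since WordPress core logs nothing about plugin data access. The following added example (not WP ERP's code) writes a JSON audit record using exactly the query's field names and then applies the query's logic, plus the "multiple failed attempts" indicator from the Log Indicators list, to a constructed sample log. Role names, user ids, record ids and timestamps are constructed for the example.

```php
<?php
// Added example (not WP ERP's own code).  Part 1 writes the structured audit
// record that the SIEM query above filters on; WordPress core logs none of
// those fields.  Part 2 applies the query, plus the repeated-denial indicator,
// to a constructed sample log.  Field names follow the query; role names, ids
// and timestamps are made up.

// Part 1: one JSON line per access decision.  Call this from the employee
// record handler with 'success' or 'denied' before returning the response.
function example_audit_record( string $outcome, int $user_id, string $user_role,
                               int $target_id, string $target_status, string $ts ): string {
    return json_encode( [
        'source'        => 'wordpress',
        'event'         => 'employee_data_access',
        'status'        => $outcome,          // 'success' or 'denied'
        'user_id'       => $user_id,
        'user_role'     => $user_role,        // e.g. 'employee', 'hr_manager'
        'target_id'     => $target_id,        // employee record requested
        'target_status' => $target_status,    // 'active' or 'terminated'
        'ts'            => $ts,
    ] );
}

// Part 2a: the page's SIEM query as a predicate over one decoded record.
function example_matches_siem_query( array $r ): bool {
    return ( $r['source'] ?? '' ) === 'wordpress'
        && ( $r['event'] ?? '' ) === 'employee_data_access'
        && ( $r['status'] ?? '' ) === 'success'
        && ( $r['user_role'] ?? '' ) === 'employee'
        && ( $r['target_status'] ?? '' ) === 'terminated';
}

// Part 2b: users with at least $threshold denied requests (the "multiple failed
// attempts" indicator; this is the pattern id-walking leaves once access is enforced).
function example_repeated_denials( array $records, int $threshold ): array {
    $denied = [];
    foreach ( $records as $r ) {
        if ( ( $r['status'] ?? '' ) === 'denied' ) {
            $denied[ $r['user_id'] ] = ( $denied[ $r['user_id'] ] ?? 0 ) + 1;
        }
    }
    return array_keys( array_filter( $denied, fn( int $n ): bool => $n >= $threshold ) );
}

// Constructed sample log: user 7 reads their own record, then terminated record
// 102 (the IDOR); user 9 is denied on four ids; HR user 3 legitimately reads 102.
$lines = [
    example_audit_record( 'success', 7, 'employee',   101, 'active',     '2025-01-06T09:00:00Z' ),
    example_audit_record( 'success', 7, 'employee',   102, 'terminated', '2025-01-06T09:00:12Z' ),
    example_audit_record( 'denied',  9, 'employee',   103, 'terminated', '2025-01-06T09:01:00Z' ),
    example_audit_record( 'denied',  9, 'employee',   104, 'active',     '2025-01-06T09:01:02Z' ),
    example_audit_record( 'denied',  9, 'employee',   105, 'terminated', '2025-01-06T09:01:04Z' ),
    example_audit_record( 'denied',  9, 'employee',   106, 'active',     '2025-01-06T09:01:06Z' ),
    example_audit_record( 'success', 3, 'hr_manager', 102, 'terminated', '2025-01-06T09:05:00Z' ),
];
$records = array_map( fn( string $l ): array => json_decode( $l, true ), $lines );

foreach ( array_filter( $records, 'example_matches_siem_query' ) as $hit ) {
    printf( "ALERT employee %d read terminated record %d at %s\n", $hit['user_id'], $hit['target_id'], $hit['ts'] );
}
foreach ( example_repeated_denials( $records, 3 ) as $user_id ) {
    printf( "ALERT user %d had repeated denied employee-record requests\n", $user_id );
}
```

Run with `php` on its own, the query predicate flags only user 7's read of record 102; the HR manager's read of the same record is not flagged because the query restricts to the employee role, and user 9 surfaces through the denial threshold rather than the query. On an unpatched site the first alert is the one that matters, since the plugin will still answer such requests with success; after the update the denial count becomes the useful signal.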