HIGH
weDevs
CVE published 2026-05-22
CVE-2026-4834
CVE-2026-4834 describes an unauthenticated SQL injection in the WP ERP Pro plugin for WordPress affecting all versions up to and including 1.5.1. The issue is tied to insufficient escaping and insufficient query preparation for the user-supplied search_key parameter. Because the flaw can be reached without authentication and is associated with high confidentiality impact, it should be treated as a priorit [truncated]