CVE-2026-31917
SQL Injection in weDevs WP ERP β€ 1.16.10 Allows Data Exposure
Publication date: 2026-03-13
Last updated on: 2026-03-13
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| we_devs | wp_erp | to 1.16.10 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': 'CVE-2026-31917 is a SQL Injection vulnerability found in the WordPress WP ERP Plugin versions up to and including 1.16.10.'}, {'type': 'paragraph', 'content': "This vulnerability allows a malicious actor to directly interact with the plugin's database by improperly neutralizing special elements used in SQL commands."}, {'type': 'paragraph', 'content': 'As a result, an attacker can potentially execute unauthorized SQL commands, leading to data theft or manipulation.'}] [1]
How can this vulnerability impact me? :
[{'type': 'paragraph', 'content': "The vulnerability can have serious impacts including unauthorized access to sensitive data stored in the WP ERP plugin's database."}, {'type': 'paragraph', 'content': 'An attacker could steal or manipulate data, which may compromise the integrity and confidentiality of your information.'}, {'type': 'paragraph', 'content': 'The CVSS score of 8.5 indicates a high severity level, meaning the impact could be significant.'}] [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The provided resources do not include specific detection methods or commands to identify the presence of this SQL Injection vulnerability on your network or system.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the CVE-2026-31917 SQL Injection vulnerability in the WP ERP Plugin, you should immediately update the plugin to version 1.16.11 or later, where the issue has been patched.
Additionally, consider enabling auto-updates for the plugin if your environment supports it, to ensure you receive future security patches promptly.