CRM ERP Business Solution | freelancers & SME | for WordPress & WooCommerce Security & Risk Analysis

wordpress.org/plugins/crm-erp-business-solution

CRM ERP BUSINESS SOLUTION for WordPress and WooCommerce for freelancers and SME to Import your Transactions, Products, Customers, Vendors, Appointment …

80 active installs · v1.13 · PHP 5.2.4+ · WP 3.0.1+ · Updated Nov 25, 2024
business-solution, crm, customer-relatioship, erp, woocommerce-crm
Score: 70 · B · Generally Safe
CVEs total: 1
Unpatched: 1
Last CVE: Jun 19, 2025
Safety Verdict

Is CRM ERP Business Solution | freelancers & SME | for WordPress & WooCommerce Safe to Use in 2026?

Mostly Safe

Score 70/100

CRM ERP Business Solution | freelancers & SME | for WordPress & WooCommerce is generally safe to use, though it hasn't been updated recently. 1 past CVE was resolved. Keep it updated.

1 known CVE · 1 unpatched · Last CVE: Jun 19, 2025 · Updated 1yr ago
Risk Assessment

The 'crm-erp-business-solution' plugin exhibits a mixed security posture. While it demonstrates good practices in areas like SQL query preparation and output escaping, significant concerns arise from its attack surface and taint analysis. The presence of 6 AJAX handlers without authentication checks represents a direct entry point for potential unauthorized actions, especially given the 5 high-severity taint flows identified, indicating sensitive data could be manipulated without proper validation. The plugin's history includes a medium severity CVE, and the fact that it remains unpatched is a critical red flag, suggesting a recurring or unaddressed security weakness. This pattern, coupled with the identified taint flows and unprotected AJAX endpoints, points towards a need for immediate review and patching.

Despite a large number of file operations and external HTTP requests that are generally acceptable, the critical vulnerabilities lie in how user-supplied data is handled and whether access to these functions is properly restricted. The plugin's strengths in prepared statements and output escaping are commendable but do not mitigate the risks posed by the unprotected entry points and high-severity taint issues. The overall security is moderate to low due to the unpatched vulnerability and critical taint flows, demanding urgent attention.

Key Concerns

  • Unpatched CVE found
  • High severity taint flows
  • AJAX handlers without auth checks
Vulnerabilities
1

CRM ERP Business Solution | freelancers & SME | for WordPress & WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-49987 · medium · 5.3 · Missing Authorization

CRM ERP Business Solution <= 1.13 - Missing Authorization

Jun 19, 2025 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

CRM ERP Business Solution | freelancers & SME | for WordPress & WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 2 (169 prepared)
Unescaped Output: 176 (1475 escaped)
Nonce Checks: 12
Capability Checks: 24
File Operations: 71
External Requests: 1
Bundled Libraries: 1

Bundled Libraries

Select2

SQL Query Safety

99% prepared · 171 total queries

Output Escaping

89% escaped · 1651 total outputs
Data Flows
17 unsanitized

Data Flow Analysis

25 flows · 17 with unsanitized paths
companyAddress (class-main.php:591)
Attack Surface
6 unprotected

CRM ERP Business Solution | freelancers & SME | for WordPress & WooCommerce Attack Surface

Entry Points: 21
Unprotected: 6

AJAX Handlers 21

nopriv · wp_ajax_extensions · crm-erp-business-solution.php:168
auth · wp_ajax_extensions · crm-erp-business-solution.php:169
nopriv · wp_ajax_push_not · crm-erp-business-solution.php:192
auth · wp_ajax_push_not · crm-erp-business-solution.php:193
auth · wp_ajax_addEvent · includes\crm-erp-appointments.php:20
nopriv · wp_ajax_addEvent · includes\crm-erp-appointments.php:21
nopriv · wp_ajax_displayProducts · includes\crm-erp-products.php:45
auth · wp_ajax_displayProducts · includes\crm-erp-products.php:46
nopriv · wp_ajax_getTransactionProducts · includes\crm-erp-products.php:47
auth · wp_ajax_getTransactionProducts · includes\crm-erp-products.php:48
nopriv · wp_ajax_getProducts · includes\crm-erp-products.php:49
auth · wp_ajax_getProducts · includes\crm-erp-products.php:50
auth · wp_ajax_queryUsers · includes\crm-erp-users.php:380
nopriv · wp_ajax_getUsers · includes\crm-erp-users.php:382
auth · wp_ajax_getUsers · includes\crm-erp-users.php:383
nopriv · wp_ajax_getCustomers · includes\crm-erp-users.php:384
auth · wp_ajax_getCustomers · includes\crm-erp-users.php:385
nopriv · wp_ajax_getVendors · includes\crm-erp-users.php:386
auth · wp_ajax_getVendors · includes\crm-erp-users.php:387
nopriv · wp_ajax_generatePDF · includes\generatepdf.php:12
auth · wp_ajax_generatePDF · includes\generatepdf.php:13
WordPress Hooks 86
action · admin_footer · class-main.php:133
action · crmerpbs_wooInt · class-main.php:1256
action · plugins_loaded · crm-erp-business-solution.php:55
action · admin_enqueue_scripts · crm-erp-business-solution.php:57
action · admin_menu · crm-erp-business-solution.php:58
action · crmerpbs_generalView · crm-erp-business-solution.php:60
action · crmerpbs_general_options · crm-erp-business-solution.php:61
action · before_woocommerce_init · crm-erp-business-solution.php:67
action · all_admin_notices · crm-erp-business-solution.php:97
action · load-edit.php · crm-erp-business-solution.php:108
action · all_admin_notices · crm-erp-business-solution.php:114
action · all_admin_notices · crm-erp-business-solution.php:127
action · load-post-new.php · crm-erp-business-solution.php:141
action · all_admin_notices · crm-erp-business-solution.php:146
filter · views_edit-crmerpbs_app · crm-erp-business-solution.php:158
action · admin_init · crm-erp-business-solution.php:165
action · admin_init · crm-erp-business-solution.php:166
action · activated_plugin · crm-erp-business-solution.php:170
action · admin_notices · crm-erp-business-solution.php:172
action · plugins_loaded · crm-erp-business-solution.php:173
filter · codecabin_deactivate_feedback_form_plugins · crm-erp-business-solution.php:178
action · admin_notices · crm-erp-business-solution.php:191
action · crmerpbs_admintabs · crm-erp-business-solution.php:235
action · init · includes\crm-erp-appointments.php:11
action · admin_init · includes\crm-erp-appointments.php:12
action · admin_init · includes\crm-erp-appointments.php:13
action · save_post · includes\crm-erp-appointments.php:14
action · admin_menu · includes\crm-erp-appointments.php:15
filter · manage_crmerpbs_app_posts_columns · includes\crm-erp-appointments.php:16
filter · manage_crmerpbs_app_columns · includes\crm-erp-appointments.php:17
filter · manage_edit-crmerpbs_app_columns · includes\crm-erp-appointments.php:18
filter · manage_edit-crmerpbs_app_sortable_columns · includes\crm-erp-appointments.php:19
filter · post_updated_messages · includes\crm-erp-appointments.php:22
action · manage_crmerpbs_app_posts_custom_column · includes\crm-erp-appointments.php:30
action · admin_init · includes\crm-erp-documents.php:11
action · plugins_loaded · includes\crm-erp-documents.php:13
action · init · includes\crm-erp-products.php:23
action · admin_init · includes\crm-erp-products.php:24
action · admin_init · includes\crm-erp-products.php:25
action · save_post · includes\crm-erp-products.php:26
action · admin_menu · includes\crm-erp-products.php:27
filter · manage_crmerpbs_products_posts_columns · includes\crm-erp-products.php:28
filter · manage_edit-crmerpbs_products_sortable_columns · includes\crm-erp-products.php:29
filter · manage_crmerpbs_products_columns · includes\crm-erp-products.php:30
filter · manage_edit-crmerpbs_products_columns · includes\crm-erp-products.php:31
filter · pre_get_posts · includes\crm-erp-products.php:32
action · init · includes\crm-erp-products.php:34
action · crmerpbs_wholesaleInList · includes\crm-erp-products.php:36
action · crmerpbs_stockInList · includes\crm-erp-products.php:37
action · crmerpbs_more_prod_fields · includes\crm-erp-products.php:38
action · crmerpbs_more_prod_fields · includes\crm-erp-products.php:39
filter · post_updated_messages · includes\crm-erp-products.php:41
action · restrict_manage_posts · includes\crm-erp-products.php:59
action · manage_crmerpbs_products_posts_custom_column · includes\crm-erp-products.php:60
filter · get_meta_sql · includes\crm-erp-products.php:466
action · admin_menu · includes\crm-erp-reports.php:27
action · crmerpbs_date_report · includes\crm-erp-reports.php:28
action · crmerpbs_woo_report · includes\crm-erp-reports.php:29
action · crmerpbs_transactions_report · includes\crm-erp-reports.php:30
action · admin_init · includes\crm-erp-reports.php:31
action · admin_menu · includes\crm-erp-transactions.php:472
action · plugins_loaded · includes\crm-erp-transactions.php:474
action · admin_menu · includes\crm-erp-users.php:371
action · admin_init · includes\crm-erp-users.php:372
filter · crmerpbs_user_columns · includes\crm-erp-users.php:373
action · show_user_profile · includes\crm-erp-users.php:374
action · edit_user_profile · includes\crm-erp-users.php:375
action · crmerpbs_extraUserFields · includes\crm-erp-users.php:376
action · personal_options_update · includes\crm-erp-users.php:377
action · edit_user_profile_update · includes\crm-erp-users.php:378
action · admin_footer · includes\crm-erp-users.php:379
action · crmerpbs_queryUsers · includes\crm-erp-users.php:381
action · crmerpbs_user_tickets · includes\crm-erp-users.php:388
action · crmerpbs_user_actions · includes\crm-erp-users.php:389
action · crmerpbs_user_emails · includes\crm-erp-users.php:390
action · crmerpbs_user_orders · includes\crm-erp-users.php:391
action · crmerpbs_get_customer_total_order · includes\crm-erp-users.php:392
action · crmerpbs_get_customer_total_order_count · includes\crm-erp-users.php:393
action · crmerpbs_getTicketsCountbyUser · includes\crm-erp-users.php:394
action · crmerpbs_getTransactionProductsbyUser · includes\crm-erp-users.php:395
action · crmerpbs_extraFilters · includes\crm-erp-users.php:396
action · crmerpbs_someMoreFields · includes\crm-erp-users.php:397
action · crmerpbs_userListColumns · includes\crm-erp-users.php:420
action · crmerpbs_addNew · includes\crm-erp-users.php:421
action · crmerpbs_get_customer_totals · includes\crm-erp-users.php:427
action · admin_init · includes\generatepdf.php:14
Maintenance & Trust

CRM ERP Business Solution | freelancers & SME | for WordPress & WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Nov 25, 2024
PHP min version: 5.2.4
Downloads: 9K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 80
Developer Profile

CRM ERP Business Solution | freelancers & SME | for WordPress & WooCommerce Developer Profile

WPFactory

63 plugins · 136K total installs

Trust score: 86
Avg Security Score: 97/100
Avg Patch Time: 90 days
Detection Fingerprints

How We Detect CRM ERP Business Solution | freelancers & SME | for WordPress & WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/crm-erp-business-solution/css/common.css
  • /wp-content/plugins/crm-erp-business-solution/css/customer.css
  • /wp-content/plugins/crm-erp-business-solution/css/data-table.css
  • /wp-content/plugins/crm-erp-business-solution/css/invoice.css
  • /wp-content/plugins/crm-erp-business-solution/css/product.css
  • /wp-content/plugins/crm-erp-business-solution/css/styles.css
  • /wp-content/plugins/crm-erp-business-solution/js/common.js
  • /wp-content/plugins/crm-erp-business-solution/js/customer.js
  • +7 more

Version Parameters

  • crm-erp-business-solution/css/common.css?ver=
  • crm-erp-business-solution/css/customer.css?ver=
  • crm-erp-business-solution/css/data-table.css?ver=
  • crm-erp-business-solution/css/invoice.css?ver=
  • crm-erp-business-solution/css/product.css?ver=
  • crm-erp-business-solution/css/styles.css?ver=
  • crm-erp-business-solution/js/common.js?ver=
  • crm-erp-business-solution/js/customer.js?ver=
  • crm-erp-business-solution/js/data-table.js?ver=
  • crm-erp-business-solution/js/invoice.js?ver=
  • crm-erp-business-solution/js/product.js?ver=
  • crm-erp-business-solution/js/sales-channels.js?ver=
  • crm-erp-business-solution/js/sales-order.js?ver=
  • crm-erp-business-solution/js/tax.js?ver=
  • crm-erp-business-solution/js/transactions.js?ver=

HTML / DOM Fingerprints

CSS Classes
crmerpbs_notification
HTML Comments
<!-- HPOS compatibility declaration -->
<!-- deactivation survey -->
JS Globals
crmerpbs_signup
FAQ

Frequently Asked Questions about CRM ERP Business Solution | freelancers & SME | for WordPress & WooCommerce