CVE-2025-5953
WP · WP Human Resource Management plugin for WordPress
Executive summary
A high-severity privilege escalation vulnerability in the WP Human Resource Management plugin for WordPress allows authenticated attackers to gain unauthorized administrative privileges on affected sites.
Vulnerability
The vulnerability is caused by a missing authorization check in the ajax_insert_employee() and update_empoyee() functions. An authenticated attacker, even with low-level permissions, can exploit this flaw to escalate their privileges, potentially gaining administrative control over the website.
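What an authorization check in a WordPress AJAX handler looks like, as an added example that is not the plugin's own code. The `example_hrm_*` action, the nonce name and the POST field names are hypothetical, and it is an assumption that the handler creates a user account.

```php
<?php
// Added example: hypothetical handler, NOT the plugin's code.
// Action name, nonce name and field names are assumptions.

add_action( 'wp_ajax_example_hrm_insert_employee', 'example_hrm_insert_employee' );

function example_hrm_insert_employee() {
    // 1. CSRF: reject requests that lack a valid nonce for this action.
    check_ajax_referer( 'example_hrm_insert_employee', 'nonce' );

    // 2. Authorization: a wp_ajax_* hook only proves the caller is logged in.
    //    Without this capability check, any authenticated user, including
    //    a low-privilege one, reaches the code below.
    if ( ! current_user_can( 'create_users' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    // 3. Defense in depth: pick the role from a server-side allow-list
    //    instead of trusting a value supplied in the request.
    $allowed_roles = array( 'subscriber' ); // assumption: employees get a low-privilege role
    $requested     = isset( $_POST['role'] )
        ? sanitize_key( wp_unslash( $_POST['role'] ) )
        : 'subscriber';
    $role = in_array( $requested, $allowed_roles, true ) ? $requested : 'subscriber';

    $user_id = wp_insert_user( array(
        'user_login' => sanitize_user( wp_unslash( $_POST['user_login'] ?? '' ), true ),
        'user_email' => sanitize_email( wp_unslash( $_POST['user_email'] ?? '' ) ),
        'user_pass'  => wp_generate_password( 24 ),
        'role'       => $role,
    ) );

    if ( is_wp_error( $user_id ) ) {
        wp_send_json_error( array( 'message' => $user_id->get_error_message() ), 400 );
    }

    wp_send_json_success( array( 'user_id' => $user_id ) );
}
```

When auditing a plugin, every callback registered on a `wp_ajax_*` hook that changes users or roles should contain a `current_user_can()` check before any state change.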