
    28 vulnerabilities found for Groundhogg — CRM, Newsletters, and Marketing Automation by trainingbusinesspros

    CVE-2026-14029 (GCVE-0-2026-14029)

    Vulnerability from nvd – Published: 2026-07-02 08:33 – Updated: 2026-07-02 14:53
    VLAI
    Title
    Groundhogg <= 4.5.8 - Authenticated (Custom+) SQL Injection via 'select' Parameter
    Summary
    The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'select' parameter in all versions up to, and including, 4.5.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with custom-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Exploitation requires the attacker to hold a Groundhogg custom role with the view_contacts capability, which is granted by default to several built-in Groundhogg roles above the base subscriber level.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Impacted products
    Credits
    PRISM

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14029",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T14:53:02.826296Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T14:53:11.664Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Groundhogg \u2014 CRM, Newsletters, and Marketing Automation",
              "vendor": "trainingbusinesspros",
              "versions": [
                {
                  "lessThanOrEqual": "4.5.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "PRISM"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Groundhogg \u2014 CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the \u0027select\u0027 parameter in all versions up to, and including, 4.5.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with custom-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Exploitation requires the attacker to hold a Groundhogg custom role with the view_contacts capability, which is granted by default to several built-in Groundhogg roles above the base subscriber level."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T08:33:08.431Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fb7fd98d-de1d-4b06-b769-92df40bc1873?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/4.5.7/db/query/query.php#L228"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/4.5.8/db/query/query.php#L228"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/4.5.8/db/query/query.php#L427"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/4.5.8/db/db.php#L1366"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/4.5.8/api/v4/base-object-api.php#L505"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/4.5.7/db/query/query.php#L427"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/4.5.7/db/db.php#L1366"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/4.5.7/api/v4/base-object-api.php#L505"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3591885%40groundhogg\u0026new=3591885%40groundhogg\u0026sfp_email=\u0026sfph_mail="
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-29T23:20:56.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2026-07-01T20:05:02.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Groundhogg \u003c= 4.5.8 - Authenticated (Custom+) SQL Injection via \u0027select\u0027 Parameter"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2026-14029",
        "datePublished": "2026-07-02T08:33:08.431Z",
        "dateReserved": "2026-06-29T23:04:37.915Z",
        "dateUpdated": "2026-07-02T14:53:11.664Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-13333 (GCVE-0-2026-13333)

    Vulnerability from nvd – Published: 2026-06-27 01:27 – Updated: 2026-06-29 13:55
    VLAI
    Title
    Groundhogg <= 4.5.5 - Authenticated (Sales Rep+) SQL Injection via 'query[select]' Parameter
    Summary
    The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'query[select]' parameter in all versions up to, and including, 4.5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Sales Representative-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. The sanitized Contact_Query code path can be bypassed by supplying an invalid filter type (e.g., query[filters][0][0][type]=invalid_filter_nonexistent), causing a FilterException to be caught and execution to fall through to the unsanitized Legacy_Contact_Query path.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Impacted products
    Credits
    Chloe Chamberland PRISM

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-13333",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-29T13:55:16.037136Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-29T13:55:28.195Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Groundhogg \u2014 CRM, Newsletters, and Marketing Automation",
              "vendor": "trainingbusinesspros",
              "versions": [
                {
                  "lessThanOrEqual": "4.5.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Chloe Chamberland"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "PRISM"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Groundhogg \u2014 CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via \u0027query[select]\u0027 Parameter in all versions up to, and including, 4.5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Sales Representative-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. The sanitized Contact_Query code path can be bypassed by supplying an invalid filter type (e.g., query[filters][0][0][type]=invalid_filter_nonexistent), causing a FilterException to be caught and execution to fall through to the unsanitized Legacy_Contact_Query path."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-27T01:27:21.792Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4a0c04fe-7a9f-4a3f-ba2c-3bdcb5dec060?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/4.5.5/includes/legacy-contact-query.php#L753"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/4.5.5/includes/legacy-contact-query.php#L708"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/4.5.5/includes/contact-query.php#L2585"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/4.5.5/api/v3/contacts-api.php#L287"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3586389%40groundhogg\u0026new=3586389%40groundhogg\u0026sfp_email=\u0026sfph_mail="
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-25T13:55:33.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2026-06-26T12:59:49.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Groundhogg \u003c= 4.5.5 - Authenticated (Sales Rep+) SQL Injection via \u0027query[select]\u0027 Parameter"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2026-13333",
        "datePublished": "2026-06-27T01:27:21.792Z",
        "dateReserved": "2026-06-25T13:40:21.758Z",
        "dateUpdated": "2026-06-29T13:55:28.195Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-13331 (GCVE-0-2026-13331)

    Vulnerability from nvd – Published: 2026-06-27 01:27 – Updated: 2026-06-27 03:16
    VLAI
    Title
    Groundhogg <= 4.5.5 - Authenticated (Marketer+) SQL Injection via 'search' Parameter
    Summary
    The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'search' parameter in all versions up to, and including, 4.5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with marketer-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Impacted products
    Credits
    Chloe Chamberland PRISM

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-13331",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-27T03:16:15.411168Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-27T03:16:31.566Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Groundhogg \u2014 CRM, Newsletters, and Marketing Automation",
              "vendor": "trainingbusinesspros",
              "versions": [
                {
                  "lessThanOrEqual": "4.5.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Chloe Chamberland"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "PRISM"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Groundhogg \u2014 CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the \u0027search\u0027 parameter in all versions up to, and including, 4.5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with marketer-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-27T01:27:20.975Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/20ee6bc7-2732-4da3-b005-a971d12b0e32?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/4.5.5/db/db.php#L395"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/4.5.5/db/db.php#L330"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/4.5.5/db/steps.php#L231"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/4.5.5/db/steps.php#L254"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/4.5.5/api/v4/base-object-api.php#L488"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3586389%40groundhogg\u0026new=3586389%40groundhogg\u0026sfp_email=\u0026sfph_mail="
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-25T13:41:39.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2026-06-26T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Groundhogg \u003c= 4.5.5 - Authenticated (Marketer+) SQL Injection via \u0027search\u0027 Parameter"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2026-13331",
        "datePublished": "2026-06-27T01:27:20.975Z",
        "dateReserved": "2026-06-25T13:26:29.138Z",
        "dateUpdated": "2026-06-27T03:16:31.566Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-13226 (GCVE-0-2026-13226)

    Vulnerability from nvd – Published: 2026-06-26 01:27 – Updated: 2026-06-26 15:12
    VLAI
    Title
    Groundhogg <= 4.5.4 - Authenticated (Custom+) SQL Injection via 'after' Parameter
    Summary
    The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'after' parameter in all versions up to, and including, 4.5.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Sales Manager-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. The AJAX handler wp_ajax_groundhogg_get_contacts_table has its capability check commented out and performs no nonce verification, meaning any authenticated user regardless of role can reach the vulnerable code path.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Impacted products
    Credits
    PRISM

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-13226",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-26T15:12:00.529506Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-26T15:12:35.751Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Groundhogg \u2014 CRM, Newsletters, and Marketing Automation",
              "vendor": "trainingbusinesspros",
              "versions": [
                {
                  "lessThanOrEqual": "4.5.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "PRISM"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Groundhogg \u2014 CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the \u0027after\u0027 parameter in all versions up to, and including, 4.5.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Sales Manager-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. The AJAX handler wp_ajax_groundhogg_get_contacts_table has its capability check commented out and performs no nonce verification, meaning any authenticated user regardless of role can reach the vulnerable code path."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-26T01:27:45.702Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f2ba40d9-2d37-453a-a731-078f1de1fc69?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/4.5.4/includes/legacy-contact-query.php#L1013"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/4.5.4/includes/legacy-contact-query.php#L1017"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/4.5.4/admin/contacts/contacts-page.php#L766"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/4.5.4/admin/contacts/tables/contacts-table.php#L101"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/4.5.4/includes/contact-query.php#L2586"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/4.5.4/includes/functions.php#L679"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3585561%40groundhogg\u0026new=3585561%40groundhogg\u0026sfp_email=\u0026sfph_mail="
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-24T16:51:54.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2026-06-25T13:02:09.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Groundhogg \u003c= 4.5.4 - Authenticated (Custom+) SQL Injection via \u0027after\u0027 Parameter"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2026-13226",
        "datePublished": "2026-06-26T01:27:45.702Z",
        "dateReserved": "2026-06-24T16:36:42.922Z",
        "dateUpdated": "2026-06-26T15:12:35.751Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-12750 (GCVE-0-2025-12750)

    Vulnerability from nvd – Published: 2025-11-21 09:27 – Updated: 2026-04-08 17:29
    VLAI
    Title
    Groundhogg <= 4.2.6.1 - Authenticated (Admin+) SQL Injection
    Summary
    The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to SQL Injection via the 'term' parameter in all versions up to, and including, 4.2.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Impacted products
    Credits
    NAKLEH ZEIDAN

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12750",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-21T15:03:57.393297Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-21T15:04:10.222Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Groundhogg \u2014 CRM, Newsletters, and Marketing Automation",
              "vendor": "trainingbusinesspros",
              "versions": [
                {
                  "lessThanOrEqual": "4.2.6.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "NAKLEH ZEIDAN"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Groundhogg \u2014 CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to SQL Injection via the \u0027term\u0027 parameter in all versions up to, and including, 4.2.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:29:28.835Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e3d231e1-a63e-4b41-a6b7-91e6dfc33600?source=cve"
            },
            {
              "url": "https://github.com/groundhoggwp/groundhogg/blob/master/includes/functions.php#L5705"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3394550%40groundhogg\u0026new=3394550%40groundhogg\u0026sfp_email=\u0026sfph_mail=#file14"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-05T17:29:16.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2025-11-20T20:41:57.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Groundhogg \u003c= 4.2.6.1 - Authenticated (Admin+) SQL Injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2025-12750",
        "datePublished": "2025-11-21T09:27:02.976Z",
        "dateReserved": "2025-11-05T15:02:39.314Z",
        "dateUpdated": "2026-04-08T17:29:28.835Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-4206 (GCVE-0-2025-4206)

    Vulnerability from nvd – Published: 2025-05-09 11:11 – Updated: 2026-04-08 16:32
    Title
    WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg <= 4.1.1.2 - Authenticated (Administrator+) Arbitrary File Deletion
    Summary
    The WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'process_export_delete' and 'process_import_delete' functions in all versions up to, and including, 4.1.1.2. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Credits
    Phat Do

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-4206",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-09T16:10:07.177322Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-09T16:10:24.557Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Groundhogg \u2014 CRM, Newsletters, and Marketing Automation",
              "vendor": "trainingbusinesspros",
              "versions": [
                {
                  "lessThanOrEqual": "4.1.1.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Phat Do"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The WordPress CRM, Email \u0026 Marketing Automation for WordPress | Award Winner \u2014 Groundhogg plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the \u0027process_export_delete\u0027 and \u0027process_import_delete\u0027 functions in all versions up to, and including, 4.1.1.2. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T16:32:41.558Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0256b4ad-6094-4062-bdf7-c3fc0410557b?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/trunk/admin/tools/tools-page.php#L912"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/trunk/admin/tools/tools-page.php#L701"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3289364/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-05-08T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "WordPress CRM, Email \u0026 Marketing Automation for WordPress | Award Winner \u2014 Groundhogg \u003c= 4.1.1.2 - Authenticated (Administrator+) Arbitrary File Deletion"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2025-4206",
        "datePublished": "2025-05-09T11:11:19.260Z",
        "dateReserved": "2025-05-01T22:35:48.829Z",
        "dateUpdated": "2026-04-08T16:32:41.558Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-1267 (GCVE-0-2025-1267)

    Vulnerability from nvd – Published: 2025-04-01 06:52 – Updated: 2026-04-08 17:01
    Title
    Groundhogg <= 3.7.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via label Parameter
    Summary
    The Groundhogg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'label' parameter in versions up to, and including, 3.7.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Credits
    Cristian Bejan

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-1267",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-01T14:36:31.476347Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-01T14:36:44.139Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Groundhogg \u2014 CRM, Newsletters, and Marketing Automation",
              "vendor": "trainingbusinesspros",
              "versions": [
                {
                  "lessThanOrEqual": "3.7.4.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Cristian Bejan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Groundhogg plugin for Wordpress is vulnerable to Stored Cross-Site Scripting via the \u2018label\u0027 parameter in versions up to, and including, 3.7.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:01:27.970Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/763a9aff-9bc0-4c79-9383-778a9034b436?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/trunk/assets/js/admin/forms/form-builder-v2.js#L859"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/trunk/assets/js/admin/forms/form-builder-v2.js"
            },
            {
              "url": "https://github.com/groundhoggwp/groundhogg/commit/5206bf2482e2fe210ccca6e7dcfe62ffe85b3061"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3264477/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-02-12T00:00:00.000Z",
              "value": "Discovered"
            },
            {
              "lang": "en",
              "time": "2025-02-12T00:00:00.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2025-03-31T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Groundhogg \u003c= 3.7.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via label Parameter"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2025-1267",
        "datePublished": "2025-04-01T06:52:05.370Z",
        "dateReserved": "2025-02-12T23:45:32.790Z",
        "dateUpdated": "2026-04-08T17:01:27.970Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-0394 (GCVE-0-2025-0394)

    Vulnerability from nvd – Published: 2025-01-14 08:23 – Updated: 2026-04-08 17:16
    Title
    Groundhogg <= 3.7.3.5 - Authenticated (Author+) Arbitrary File Upload via gh_big_file_upload Function
    Summary
    The WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the gh_big_file_upload() function in all versions up to, and including, 3.7.3.5. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    Impacted products
    Credits
    wesley

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-0394",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-14T14:46:02.485000Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-14T14:46:14.802Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Groundhogg \u2014 CRM, Newsletters, and Marketing Automation",
              "vendor": "trainingbusinesspros",
              "versions": [
                {
                  "lessThanOrEqual": "3.7.3.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "wesley"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The WordPress CRM, Email \u0026 Marketing Automation for WordPress | Award Winner \u2014 Groundhogg plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the gh_big_file_upload() function in all versions up to, and including, 3.7.3.5. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site\u0027s server which may make remote code execution possible."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:16:31.781Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b2cf3b85-2e2d-43dc-9877-9a740d4fd2fb?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/3.7.3.5/includes/big-file-uploader.php#L117"
            },
            {
              "url": "https://wordpress.org/plugins/groundhogg/#developers"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3221208/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-01-13T20:19:33.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Groundhogg \u003c= 3.7.3.5 - Authenticated (Author+) Arbitrary File Upload via gh_big_file_upload Function"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2025-0394",
        "datePublished": "2025-01-14T08:23:14.407Z",
        "dateReserved": "2025-01-10T18:11:25.358Z",
        "dateUpdated": "2026-04-08T17:16:31.781Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-2736 (GCVE-0-2023-2736)

    Vulnerability from nvd – Published: 2023-05-20 02:03 – Updated: 2026-04-08 17:11
    Title
    Groundhogg <= 2.7.9.8 - Cross-Site Request Forgery to Privilege Escalation
    Summary
    The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8. This is due to missing nonce validation in the 'ajax_edit_contact' function. This makes it possible for authenticated attackers to receive the auto-login link via shortcode and then change the user assigned to that auto-login link, elevating the privileges of a verified user via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    Impacted products
    Credits
    István Márton

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:33:05.227Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9bf472f1-5980-48ee-aa10-aad19b6f2456?source=cve"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/2.7.9.8/includes/shortcodes.php#L99"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/2.7.9.8/admin/contacts/contacts-page.php#L542"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/changeset/2914493/groundhogg/tags/2.7.10/admin/contacts/contacts-page.php"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2736",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-13T16:19:30.410018Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-13T16:48:29.235Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Groundhogg \u2014 CRM, Newsletters, and Marketing Automation",
              "vendor": "trainingbusinesspros",
              "versions": [
                {
                  "lessThanOrEqual": "2.7.9.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Istv\u00e1n M\u00e1rton"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8. This is due to missing nonce validation in the \u0027ajax_edit_contact\u0027 function. This makes it possible for authenticated attackers to receive the auto login link via shortcode and then modify the assigned user to the auto login link to elevate verified user privileges via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:11:21.204Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9bf472f1-5980-48ee-aa10-aad19b6f2456?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/2.7.9.8/includes/shortcodes.php#L99"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/2.7.9.8/admin/contacts/contacts-page.php#L542"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/2914493/groundhogg/tags/2.7.10/admin/contacts/contacts-page.php"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-05-12T00:00:00.000Z",
              "value": "Discovered"
            },
            {
              "lang": "en",
              "time": "2023-05-15T00:00:00.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2023-05-19T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Groundhogg \u003c= 2.7.9.8 - Cross-Site Request Forgery to Privilege Escalation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2023-2736",
        "datePublished": "2023-05-20T02:03:23.875Z",
        "dateReserved": "2023-05-16T13:17:27.854Z",
        "dateUpdated": "2026-04-08T17:11:21.204Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-2735 (GCVE-0-2023-2735)

    Vulnerability from nvd – Published: 2023-05-20 02:03 – Updated: 2026-04-08 16:50
    Title
    Groundhogg <= 2.7.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
    Summary
    The Groundhogg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gh_form' shortcode in versions up to, and including, 2.7.9.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Please note this only works with legacy contact forms.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Credits
    István Márton

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:33:05.249Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4938206e-2ea4-47ed-a307-87cf67dd74a4?source=cve"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/2.7.9.8/includes/shortcodes.php#L51"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/2.7.9.8/includes/form/form.php#L187"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/changeset/2914493/groundhogg/trunk/includes/better-meta-compat.php"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2735",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-05T18:29:57.605767Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-05T19:44:45.769Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Groundhogg \u2014 CRM, Newsletters, and Marketing Automation",
              "vendor": "trainingbusinesspros",
              "versions": [
                {
                  "lessThanOrEqual": "2.7.9.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Istv\u00e1n M\u00e1rton"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Groundhogg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u0027gh_form\u0027 shortcode in versions up to, and including, 2.7.9.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Please note this only works with legacy contact forms."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T16:50:26.209Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4938206e-2ea4-47ed-a307-87cf67dd74a4?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/2.7.9.8/includes/shortcodes.php#L51"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/2.7.9.8/includes/form/form.php#L187"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/2914493/groundhogg/trunk/includes/better-meta-compat.php"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-05-12T00:00:00.000Z",
              "value": "Discovered"
            },
            {
              "lang": "en",
              "time": "2023-05-15T00:00:00.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2023-05-19T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Groundhogg \u003c= 2.7.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2023-2735",
        "datePublished": "2023-05-20T02:03:22.910Z",
        "dateReserved": "2023-05-16T13:00:19.968Z",
        "dateUpdated": "2026-04-08T16:50:26.209Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-2717 (GCVE-0-2023-2717)

    Vulnerability from nvd – Published: 2023-05-20 02:03 – Updated: 2026-04-08 17:15
    Title
    Groundhogg <= 2.7.9.8 - Cross-Site Request Forgery to Disable All Plugins
    Summary
    The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8. This is due to missing nonce validation on the 'enable_safe_mode' function. This makes it possible for unauthenticated attackers to enable safe mode, which disables all other plugins, via a forged request if they can successfully trick an administrator into performing an action such as clicking on a link. A warning message about safe mode is displayed to the admin, but that message can be easily disabled.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    Impacted products
    Credits
    István Márton

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:33:04.534Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/af73240c-b711-4e91-9998-5f7e6a9a4fb9?source=cve"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/2.7.9.8/admin/help/help-page.php#L67"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/changeset/2914493/groundhogg/tags/2.7.10/admin/help/help-page.php"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2717",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-13T16:22:13.253442Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-13T16:48:20.565Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Groundhogg \u2014 CRM, Newsletters, and Marketing Automation",
              "vendor": "trainingbusinesspros",
              "versions": [
                {
                  "lessThanOrEqual": "2.7.9.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Istv\u00e1n M\u00e1rton"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8. This is due to missing nonce validation on the \u0027enable_safe_mode\u0027 function. This makes it possible for unauthenticated attackers to enable safe mode, which disables all other plugins, via a forged request if they can successfully trick an administrator into performing an action such as clicking on a link. A warning message about safe mode is displayed to the admin, which can be easily disabled."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:15:36.323Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/af73240c-b711-4e91-9998-5f7e6a9a4fb9?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/2.7.9.8/admin/help/help-page.php#L67"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/2914493/groundhogg/tags/2.7.10/admin/help/help-page.php"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-05-12T00:00:00.000Z",
              "value": "Discovered"
            },
            {
              "lang": "en",
              "time": "2023-05-15T00:00:00.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2023-05-19T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Groundhogg \u003c= 2.7.9.8 - Cross-Site Request Forgery to Disable All Plugins"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2023-2717",
        "datePublished": "2023-05-20T02:03:24.840Z",
        "dateReserved": "2023-05-15T16:57:58.649Z",
        "dateUpdated": "2026-04-08T17:15:36.323Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-2716 (GCVE-0-2023-2716)

    Vulnerability from nvd – Published: 2023-05-20 02:03 – Updated: 2026-04-08 16:47
    Title
    Groundhogg <= 2.7.9.8 - Missing Authorization to Non-Arbitrary File Upload
    Summary
    The Groundhogg plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'ajax_upload_file' function in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload a file to the contact and then list all the other uploaded files related to the contact.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Credits
    István Márton

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:33:04.306Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3c5bde0e-3138-4995-92ae-6deaf6b7be5b?source=cve"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/2.7.9.8/admin/contacts/contacts-page.php#L458"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/changeset/2914493/groundhogg/tags/2.7.10/admin/contacts/contacts-page.php"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2716",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-13T16:22:16.151328Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-13T16:48:38.115Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Groundhogg \u2014 CRM, Newsletters, and Marketing Automation",
              "vendor": "trainingbusinesspros",
              "versions": [
                {
                  "lessThanOrEqual": "2.7.9.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Istv\u00e1n M\u00e1rton"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Groundhogg plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the \u0027ajax_upload_file\u0027 function in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload a file to the contact, and then lists all the other uploaded files related to the contact."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T16:47:24.952Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3c5bde0e-3138-4995-92ae-6deaf6b7be5b?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/2.7.9.8/admin/contacts/contacts-page.php#L458"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/2914493/groundhogg/tags/2.7.10/admin/contacts/contacts-page.php"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-05-12T00:00:00.000Z",
              "value": "Discovered"
            },
            {
              "lang": "en",
              "time": "2023-05-15T00:00:00.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2023-05-19T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Groundhogg \u003c= 2.7.9.8 - Missing Authorization to Non-Arbitrary File Upload"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2023-2716",
        "datePublished": "2023-05-20T02:03:22.121Z",
        "dateReserved": "2023-05-15T16:46:02.087Z",
        "dateUpdated": "2026-04-08T16:47:24.952Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-2715 (GCVE-0-2023-2715)

    Vulnerability from nvd – Published: 2023-05-20 02:03 – Updated: 2026-04-08 16:42
    Title
    Groundhogg <= 2.7.9.8 - Missing Authorization to Admin Account and Ticket Creation
    Summary
    The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'submit_ticket' function in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers to create a support ticket that sends the website's data to the plugin developer, and it is also possible to create admin access with an auto-login link that is likewise sent to the plugin developer with the ticket. It only works if the plugin is activated with a valid license.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Credits
    István Márton

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:33:04.647Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/24747507-8f24-499e-a257-d379dc171e18?source=cve"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/2.7.9.8/admin/help/help-page.php#L220"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/changeset/2914493/groundhogg/tags/2.7.10/admin/help/help-page.php"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2715",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-13T16:22:21.762527Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-13T16:48:57.118Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Groundhogg \u2014 CRM, Newsletters, and Marketing Automation",
              "vendor": "trainingbusinesspros",
              "versions": [
                {
                  "lessThanOrEqual": "2.7.8.9",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Istv\u00e1n M\u00e1rton"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the \u0027submit_ticket\u0027 function in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers to create a support ticket that sends the website\u0027s data to the plugin developer, and it is also possible to create an admin access with an auto login link that is also sent to the plugin developer with the ticket. It only works if the plugin is activated with a valid license."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T16:42:12.030Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/24747507-8f24-499e-a257-d379dc171e18?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/2.7.9.8/admin/help/help-page.php#L220"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/2914493/groundhogg/tags/2.7.10/admin/help/help-page.php"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-05-12T00:00:00.000Z",
              "value": "Discovered"
            },
            {
              "lang": "en",
              "time": "2023-05-15T00:00:00.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2023-05-19T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Groundhogg \u003c= 2.7.9.8 - Missing Authorization to Admin Account and Ticket Creation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2023-2715",
        "datePublished": "2023-05-20T02:03:18.674Z",
        "dateReserved": "2023-05-15T16:35:19.330Z",
        "dateUpdated": "2026-04-08T16:42:12.030Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-2714 (GCVE-0-2023-2714)

    Vulnerability from nvd – Published: 2023-05-20 02:03 – Updated: 2026-04-08 16:43
    Title
    Groundhogg <= 2.7.9.8 - Missing Authorization to Update License
    Summary
    The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'check_license' functions in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change the license key and support license key, but it can only be changed to a valid license key.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Credits
    István Márton

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:33:05.566Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/29700844-b41d-4f10-90a7-06c8574d8d2a?source=cve"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/2.7.9.8/admin/guided-setup/guided-setup.php#L111"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/2.7.9.8/admin/help/help-page.php#L41"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/changeset/2914493/groundhogg/tags/2.7.10/admin/help/help-page.php"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2714",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-13T16:22:18.899683Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-13T16:48:48.322Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Groundhogg \u2014 CRM, Newsletters, and Marketing Automation",
              "vendor": "trainingbusinesspros",
              "versions": [
                {
                  "lessThanOrEqual": "2.7.9.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Istv\u00e1n M\u00e1rton"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the \u0027check_license\u0027 functions in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change the license key and support license key, but it can only be changed to a valid license key."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T16:43:19.619Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/29700844-b41d-4f10-90a7-06c8574d8d2a?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/2.7.9.8/admin/guided-setup/guided-setup.php#L111"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/2.7.9.8/admin/help/help-page.php#L41"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/2914493/groundhogg/tags/2.7.10/admin/help/help-page.php"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-05-12T00:00:00.000Z",
              "value": "Discovered"
            },
            {
              "lang": "en",
              "time": "2023-05-15T00:00:00.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2023-05-19T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Groundhogg \u003c= 2.7.9.8 - Missing Authorization to Update License"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2023-2714",
        "datePublished": "2023-05-20T02:03:20.188Z",
        "dateReserved": "2023-05-15T16:34:21.224Z",
        "dateUpdated": "2026-04-08T16:43:19.619Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14029 (GCVE-0-2026-14029)

    Vulnerability from cvelistv5 – Published: 2026-07-02 08:33 – Updated: 2026-07-02 14:53
    Title
    Groundhogg <= 4.5.8 - Authenticated (Custom+) SQL Injection via 'select' Parameter
    Summary
    The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'select' parameter in all versions up to, and including, 4.5.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with custom-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Exploitation requires the attacker to hold a Groundhogg custom role with the view_contacts capability, which is granted by default to several built-in Groundhogg roles above the base subscriber level.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Impacted products
    Credits
    PRISM

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14029",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T14:53:02.826296Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T14:53:11.664Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Groundhogg \u2014 CRM, Newsletters, and Marketing Automation",
              "vendor": "trainingbusinesspros",
              "versions": [
                {
                  "lessThanOrEqual": "4.5.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "PRISM"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Groundhogg \u2014 CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the \u0027select\u0027 parameter in all versions up to, and including, 4.5.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with custom-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Exploitation requires the attacker to hold a Groundhogg custom role with the view_contacts capability, which is granted by default to several built-in Groundhogg roles above the base subscriber level."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T08:33:08.431Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fb7fd98d-de1d-4b06-b769-92df40bc1873?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/4.5.7/db/query/query.php#L228"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/4.5.8/db/query/query.php#L228"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/4.5.8/db/query/query.php#L427"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/4.5.8/db/db.php#L1366"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/4.5.8/api/v4/base-object-api.php#L505"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/4.5.7/db/query/query.php#L427"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/4.5.7/db/db.php#L1366"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/4.5.7/api/v4/base-object-api.php#L505"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3591885%40groundhogg\u0026new=3591885%40groundhogg\u0026sfp_email=\u0026sfph_mail="
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-29T23:20:56.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2026-07-01T20:05:02.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Groundhogg \u003c= 4.5.8 - Authenticated (Custom+) SQL Injection via \u0027select\u0027 Parameter"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2026-14029",
        "datePublished": "2026-07-02T08:33:08.431Z",
        "dateReserved": "2026-06-29T23:04:37.915Z",
        "dateUpdated": "2026-07-02T14:53:11.664Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-13333 (GCVE-0-2026-13333)

    Vulnerability from cvelistv5 – Published: 2026-06-27 01:27 – Updated: 2026-06-29 13:55
    Title
    Groundhogg <= 4.5.5 - Authenticated (Sales Rep+) SQL Injection via 'query[select]' Parameter
    Summary
    The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'query[select]' parameter in all versions up to, and including, 4.5.5 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Sales Representative-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. The sanitized Contact_Query code path can be bypassed by supplying an invalid filter type (e.g., query[filters][0][0][type]=invalid_filter_nonexistent), causing a FilterException to be caught and execution to fall through to the unsanitized Legacy_Contact_Query path.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Impacted products
    Credits
    Chloe Chamberland PRISM

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-13333",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-29T13:55:16.037136Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-29T13:55:28.195Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Groundhogg \u2014 CRM, Newsletters, and Marketing Automation",
              "vendor": "trainingbusinesspros",
              "versions": [
                {
                  "lessThanOrEqual": "4.5.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Chloe Chamberland"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "PRISM"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Groundhogg \u2014 CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the \u0027query[select]\u0027 parameter in all versions up to, and including, 4.5.5 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Sales Representative-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. The sanitized Contact_Query code path can be bypassed by supplying an invalid filter type (e.g., query[filters][0][0][type]=invalid_filter_nonexistent), causing a FilterException to be caught and execution to fall through to the unsanitized Legacy_Contact_Query path."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-27T01:27:21.792Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4a0c04fe-7a9f-4a3f-ba2c-3bdcb5dec060?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/4.5.5/includes/legacy-contact-query.php#L753"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/4.5.5/includes/legacy-contact-query.php#L708"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/4.5.5/includes/contact-query.php#L2585"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/4.5.5/api/v3/contacts-api.php#L287"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3586389%40groundhogg\u0026new=3586389%40groundhogg\u0026sfp_email=\u0026sfph_mail="
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-25T13:55:33.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2026-06-26T12:59:49.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Groundhogg \u003c= 4.5.5 - Authenticated (Sales Rep+) SQL Injection via \u0027query[select]\u0027 Parameter"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2026-13333",
        "datePublished": "2026-06-27T01:27:21.792Z",
        "dateReserved": "2026-06-25T13:40:21.758Z",
        "dateUpdated": "2026-06-29T13:55:28.195Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-13331 (GCVE-0-2026-13331)

    Vulnerability from cvelistv5 – Published: 2026-06-27 01:27 – Updated: 2026-06-27 03:16
    Title
    Groundhogg <= 4.5.5 - Authenticated (Marketer+) SQL Injection via 'search' Parameter
    Summary
    The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'search' parameter in all versions up to, and including, 4.5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with marketer-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Impacted products
    Credits
    Chloe Chamberland PRISM

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-13331",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-27T03:16:15.411168Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-27T03:16:31.566Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Groundhogg \u2014 CRM, Newsletters, and Marketing Automation",
              "vendor": "trainingbusinesspros",
              "versions": [
                {
                  "lessThanOrEqual": "4.5.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Chloe Chamberland"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "PRISM"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Groundhogg \u2014 CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the \u0027search\u0027 parameter in all versions up to, and including, 4.5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with marketer-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-27T01:27:20.975Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/20ee6bc7-2732-4da3-b005-a971d12b0e32?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/4.5.5/db/db.php#L395"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/4.5.5/db/db.php#L330"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/4.5.5/db/steps.php#L231"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/4.5.5/db/steps.php#L254"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/4.5.5/api/v4/base-object-api.php#L488"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3586389%40groundhogg\u0026new=3586389%40groundhogg\u0026sfp_email=\u0026sfph_mail="
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-25T13:41:39.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2026-06-26T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Groundhogg \u003c= 4.5.5 - Authenticated (Marketer+) SQL Injection via \u0027search\u0027 Parameter"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2026-13331",
        "datePublished": "2026-06-27T01:27:20.975Z",
        "dateReserved": "2026-06-25T13:26:29.138Z",
        "dateUpdated": "2026-06-27T03:16:31.566Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-13226 (GCVE-0-2026-13226)

    Vulnerability from cvelistv5 – Published: 2026-06-26 01:27 – Updated: 2026-06-26 15:12
    Title
    Groundhogg <= 4.5.4 - Authenticated (Custom+) SQL Injection via 'after' Parameter
    Summary
    The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'after' parameter in all versions up to, and including, 4.5.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Sales Manager-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. The AJAX handler wp_ajax_groundhogg_get_contacts_table has its capability check commented out and performs no nonce verification, meaning any authenticated user regardless of role can reach the vulnerable code path.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Impacted products
    Credits
    PRISM

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-13226",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-26T15:12:00.529506Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-26T15:12:35.751Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Groundhogg \u2014 CRM, Newsletters, and Marketing Automation",
              "vendor": "trainingbusinesspros",
              "versions": [
                {
                  "lessThanOrEqual": "4.5.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "PRISM"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Groundhogg \u2014 CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the \u0027after\u0027 parameter in all versions up to, and including, 4.5.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Sales Manager-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. The AJAX handler wp_ajax_groundhogg_get_contacts_table has its capability check commented out and performs no nonce verification, meaning any authenticated user regardless of role can reach the vulnerable code path."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-26T01:27:45.702Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f2ba40d9-2d37-453a-a731-078f1de1fc69?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/4.5.4/includes/legacy-contact-query.php#L1013"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/4.5.4/includes/legacy-contact-query.php#L1017"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/4.5.4/admin/contacts/contacts-page.php#L766"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/4.5.4/admin/contacts/tables/contacts-table.php#L101"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/4.5.4/includes/contact-query.php#L2586"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/4.5.4/includes/functions.php#L679"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3585561%40groundhogg\u0026new=3585561%40groundhogg\u0026sfp_email=\u0026sfph_mail="
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-24T16:51:54.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2026-06-25T13:02:09.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Groundhogg \u003c= 4.5.4 - Authenticated (Custom+) SQL Injection via \u0027after\u0027 Parameter"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2026-13226",
        "datePublished": "2026-06-26T01:27:45.702Z",
        "dateReserved": "2026-06-24T16:36:42.922Z",
        "dateUpdated": "2026-06-26T15:12:35.751Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-12750 (GCVE-0-2025-12750)

    Vulnerability from cvelistv5 – Published: 2025-11-21 09:27 – Updated: 2026-04-08 17:29
    Title
    Groundhogg <= 4.2.6.1 - Authenticated (Admin+) SQL Injection
    Summary
    The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to SQL Injection via the 'term' parameter in all versions up to, and including, 4.2.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Impacted products
    Credits
    NAKLEH ZEIDAN

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12750",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-21T15:03:57.393297Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-21T15:04:10.222Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Groundhogg \u2014 CRM, Newsletters, and Marketing Automation",
              "vendor": "trainingbusinesspros",
              "versions": [
                {
                  "lessThanOrEqual": "4.2.6.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "NAKLEH ZEIDAN"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Groundhogg \u2014 CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to SQL Injection via the \u0027term\u0027 parameter in all versions up to, and including, 4.2.6.1 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:29:28.835Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e3d231e1-a63e-4b41-a6b7-91e6dfc33600?source=cve"
            },
            {
              "url": "https://github.com/groundhoggwp/groundhogg/blob/master/includes/functions.php#L5705"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3394550%40groundhogg\u0026new=3394550%40groundhogg\u0026sfp_email=\u0026sfph_mail=#file14"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-05T17:29:16.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2025-11-20T20:41:57.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Groundhogg \u003c= 4.2.6.1 - Authenticated (Admin+) SQL Injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2025-12750",
        "datePublished": "2025-11-21T09:27:02.976Z",
        "dateReserved": "2025-11-05T15:02:39.314Z",
        "dateUpdated": "2026-04-08T17:29:28.835Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-4206 (GCVE-0-2025-4206)

    Vulnerability from cvelistv5 – Published: 2025-05-09 11:11 – Updated: 2026-04-08 16:32
    Title
    WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg <= 4.1.1.2 - Authenticated (Administrator+) Arbitrary File Deletion
    Summary
    The WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'process_export_delete' and 'process_import_delete' functions in all versions up to, and including, 4.1.1.2. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Credits
    Phat Do

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-4206",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-09T16:10:07.177322Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-09T16:10:24.557Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Groundhogg \u2014 CRM, Newsletters, and Marketing Automation",
              "vendor": "trainingbusinesspros",
              "versions": [
                {
                  "lessThanOrEqual": "4.1.1.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Phat Do"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The WordPress CRM, Email \u0026 Marketing Automation for WordPress | Award Winner \u2014 Groundhogg plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the \u0027process_export_delete\u0027 and \u0027process_import_delete\u0027 functions in all versions up to, and including, 4.1.1.2. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T16:32:41.558Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0256b4ad-6094-4062-bdf7-c3fc0410557b?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/trunk/admin/tools/tools-page.php#L912"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/trunk/admin/tools/tools-page.php#L701"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3289364/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-05-08T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "WordPress CRM, Email \u0026 Marketing Automation for WordPress | Award Winner \u2014 Groundhogg \u003c= 4.1.1.2 - Authenticated (Administrator+) Arbitrary File Deletion"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2025-4206",
        "datePublished": "2025-05-09T11:11:19.260Z",
        "dateReserved": "2025-05-01T22:35:48.829Z",
        "dateUpdated": "2026-04-08T16:32:41.558Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-1267 (GCVE-0-2025-1267)

    Vulnerability from cvelistv5 – Published: 2025-04-01 06:52 – Updated: 2026-04-08 17:01
    Title
    Groundhogg <= 3.7.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via label Parameter
    Summary
    The Groundhogg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'label' parameter in versions up to, and including, 3.7.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Credits
    Cristian Bejan

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-1267",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-01T14:36:31.476347Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-01T14:36:44.139Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Groundhogg \u2014 CRM, Newsletters, and Marketing Automation",
              "vendor": "trainingbusinesspros",
              "versions": [
                {
                  "lessThanOrEqual": "3.7.4.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Cristian Bejan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Groundhogg plugin for Wordpress is vulnerable to Stored Cross-Site Scripting via the \u2018label\u0027 parameter in versions up to, and including, 3.7.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:01:27.970Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/763a9aff-9bc0-4c79-9383-778a9034b436?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/trunk/assets/js/admin/forms/form-builder-v2.js#L859"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/trunk/assets/js/admin/forms/form-builder-v2.js"
            },
            {
              "url": "https://github.com/groundhoggwp/groundhogg/commit/5206bf2482e2fe210ccca6e7dcfe62ffe85b3061"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3264477/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-02-12T00:00:00.000Z",
              "value": "Discovered"
            },
            {
              "lang": "en",
              "time": "2025-02-12T00:00:00.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2025-03-31T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Groundhogg \u003c= 3.7.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via label Parameter"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2025-1267",
        "datePublished": "2025-04-01T06:52:05.370Z",
        "dateReserved": "2025-02-12T23:45:32.790Z",
        "dateUpdated": "2026-04-08T17:01:27.970Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-0394 (GCVE-0-2025-0394)

    Vulnerability from cvelistv5 – Published: 2025-01-14 08:23 – Updated: 2026-04-08 17:16
    Title
    Groundhogg <= 3.7.3.5 - Authenticated (Author+) Arbitrary File Upload via gh_big_file_upload Function
    Summary
    The WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the gh_big_file_upload() function in all versions up to, and including, 3.7.3.5. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    Impacted products
    Credits
    wesley

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-0394",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-14T14:46:02.485000Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-14T14:46:14.802Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Groundhogg \u2014 CRM, Newsletters, and Marketing Automation",
              "vendor": "trainingbusinesspros",
              "versions": [
                {
                  "lessThanOrEqual": "3.7.3.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "wesley"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The WordPress CRM, Email \u0026 Marketing Automation for WordPress | Award Winner \u2014 Groundhogg plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the gh_big_file_upload() function in all versions up to, and including, 3.7.3.5. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site\u0027s server which may make remote code execution possible."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:16:31.781Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b2cf3b85-2e2d-43dc-9877-9a740d4fd2fb?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/3.7.3.5/includes/big-file-uploader.php#L117"
            },
            {
              "url": "https://wordpress.org/plugins/groundhogg/#developers"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3221208/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-01-13T20:19:33.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Groundhogg \u003c= 3.7.3.5 - Authenticated (Author+) Arbitrary File Upload via gh_big_file_upload Function"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2025-0394",
        "datePublished": "2025-01-14T08:23:14.407Z",
        "dateReserved": "2025-01-10T18:11:25.358Z",
        "dateUpdated": "2026-04-08T17:16:31.781Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-2717 (GCVE-0-2023-2717)

    Vulnerability from cvelistv5 – Published: 2023-05-20 02:03 – Updated: 2026-04-08 17:15
    Title
    Groundhogg <= 2.7.9.8 - Cross-Site Request Forgery to Disable All Plugins
    Summary
    The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8. This is due to missing nonce validation on the 'enable_safe_mode' function. This makes it possible for unauthenticated attackers to enable safe mode, which disables all other plugins, via a forged request if they can successfully trick an administrator into performing an action such as clicking on a link. A warning message about safe mode is displayed to the admin, but that warning itself can be easily disabled.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    Impacted products
    Credits
    István Márton

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:33:04.534Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/af73240c-b711-4e91-9998-5f7e6a9a4fb9?source=cve"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/2.7.9.8/admin/help/help-page.php#L67"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/changeset/2914493/groundhogg/tags/2.7.10/admin/help/help-page.php"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2717",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-13T16:22:13.253442Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-13T16:48:20.565Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Groundhogg \u2014 CRM, Newsletters, and Marketing Automation",
              "vendor": "trainingbusinesspros",
              "versions": [
                {
                  "lessThanOrEqual": "2.7.9.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Istv\u00e1n M\u00e1rton"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8. This is due to missing nonce validation on the \u0027enable_safe_mode\u0027 function. This makes it possible for unauthenticated attackers to enable safe mode, which disables all other plugins, via a forged request if they can successfully trick an administrator into performing an action such as clicking on a link. A warning message about safe mode is displayed to the admin, which can be easily disabled."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:15:36.323Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/af73240c-b711-4e91-9998-5f7e6a9a4fb9?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/2.7.9.8/admin/help/help-page.php#L67"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/2914493/groundhogg/tags/2.7.10/admin/help/help-page.php"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-05-12T00:00:00.000Z",
              "value": "Discovered"
            },
            {
              "lang": "en",
              "time": "2023-05-15T00:00:00.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2023-05-19T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Groundhogg \u003c= 2.7.9.8 - Cross-Site Request Forgery to Disable All Plugins"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2023-2717",
        "datePublished": "2023-05-20T02:03:24.840Z",
        "dateReserved": "2023-05-15T16:57:58.649Z",
        "dateUpdated": "2026-04-08T17:15:36.323Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-2736 (GCVE-0-2023-2736)

    Vulnerability from cvelistv5 – Published: 2023-05-20 02:03 – Updated: 2026-04-08 17:11
    Title
    Groundhogg <= 2.7.9.8 - Cross-Site Request Forgery to Privilege Escalation
    Summary
    The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8. This is due to missing nonce validation in the 'ajax_edit_contact' function. This makes it possible for authenticated attackers to receive the auto login link via shortcode and then modify the user assigned to that auto login link in order to elevate verified user privileges, via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    Impacted products
    Credits
    István Márton

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:33:05.227Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9bf472f1-5980-48ee-aa10-aad19b6f2456?source=cve"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/2.7.9.8/includes/shortcodes.php#L99"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/2.7.9.8/admin/contacts/contacts-page.php#L542"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/changeset/2914493/groundhogg/tags/2.7.10/admin/contacts/contacts-page.php"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2736",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-13T16:19:30.410018Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-13T16:48:29.235Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Groundhogg \u2014 CRM, Newsletters, and Marketing Automation",
              "vendor": "trainingbusinesspros",
              "versions": [
                {
                  "lessThanOrEqual": "2.7.9.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Istv\u00e1n M\u00e1rton"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8. This is due to missing nonce validation in the \u0027ajax_edit_contact\u0027 function. This makes it possible for authenticated attackers to receive the auto login link via shortcode and then modify the assigned user to the auto login link to elevate verified user privileges via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:11:21.204Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9bf472f1-5980-48ee-aa10-aad19b6f2456?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/2.7.9.8/includes/shortcodes.php#L99"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/2.7.9.8/admin/contacts/contacts-page.php#L542"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/2914493/groundhogg/tags/2.7.10/admin/contacts/contacts-page.php"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-05-12T00:00:00.000Z",
              "value": "Discovered"
            },
            {
              "lang": "en",
              "time": "2023-05-15T00:00:00.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2023-05-19T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Groundhogg \u003c= 2.7.9.8 - Cross-Site Request Forgery to Privilege Escalation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2023-2736",
        "datePublished": "2023-05-20T02:03:23.875Z",
        "dateReserved": "2023-05-16T13:17:27.854Z",
        "dateUpdated": "2026-04-08T17:11:21.204Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-2735 (GCVE-0-2023-2735)

    Vulnerability from cvelistv5 – Published: 2023-05-20 02:03 – Updated: 2026-04-08 16:50
    Title
    Groundhogg <= 2.7.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
    Summary
    The Groundhogg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gh_form' shortcode in versions up to, and including, 2.7.9.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Please note this only works with legacy contact forms.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Credits
    István Márton

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:33:05.249Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4938206e-2ea4-47ed-a307-87cf67dd74a4?source=cve"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/2.7.9.8/includes/shortcodes.php#L51"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/2.7.9.8/includes/form/form.php#L187"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/changeset/2914493/groundhogg/trunk/includes/better-meta-compat.php"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2735",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-05T18:29:57.605767Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-05T19:44:45.769Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Groundhogg \u2014 CRM, Newsletters, and Marketing Automation",
              "vendor": "trainingbusinesspros",
              "versions": [
                {
                  "lessThanOrEqual": "2.7.9.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Istv\u00e1n M\u00e1rton"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Groundhogg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u0027gh_form\u0027 shortcode in versions up to, and including, 2.7.9.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Please note this only works with legacy contact forms."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T16:50:26.209Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4938206e-2ea4-47ed-a307-87cf67dd74a4?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/2.7.9.8/includes/shortcodes.php#L51"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/2.7.9.8/includes/form/form.php#L187"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/2914493/groundhogg/trunk/includes/better-meta-compat.php"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-05-12T00:00:00.000Z",
              "value": "Discovered"
            },
            {
              "lang": "en",
              "time": "2023-05-15T00:00:00.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2023-05-19T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Groundhogg \u003c= 2.7.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2023-2735",
        "datePublished": "2023-05-20T02:03:22.910Z",
        "dateReserved": "2023-05-16T13:00:19.968Z",
        "dateUpdated": "2026-04-08T16:50:26.209Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-2716 (GCVE-0-2023-2716)

    Vulnerability from cvelistv5 – Published: 2023-05-20 02:03 – Updated: 2026-04-08 16:47
    Title
    Groundhogg <= 2.7.9.8 - Missing Authorization to Non-Arbitrary File Upload
    Summary
    The Groundhogg plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'ajax_upload_file' function in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload a file to a contact and then list all the other uploaded files related to that contact.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-862 - Missing Authorization
    Assigner
    Impacted products
    Credits
    István Márton

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:33:04.306Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3c5bde0e-3138-4995-92ae-6deaf6b7be5b?source=cve"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/2.7.9.8/admin/contacts/contacts-page.php#L458"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/changeset/2914493/groundhogg/tags/2.7.10/admin/contacts/contacts-page.php"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2716",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-13T16:22:16.151328Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-13T16:48:38.115Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Groundhogg \u2014 CRM, Newsletters, and Marketing Automation",
              "vendor": "trainingbusinesspros",
              "versions": [
                {
                  "lessThanOrEqual": "2.7.9.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Istv\u00e1n M\u00e1rton"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Groundhogg plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the \u0027ajax_upload_file\u0027 function in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload a file to the contact, and then lists all the other uploaded files related to the contact."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T16:47:24.952Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3c5bde0e-3138-4995-92ae-6deaf6b7be5b?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/2.7.9.8/admin/contacts/contacts-page.php#L458"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/2914493/groundhogg/tags/2.7.10/admin/contacts/contacts-page.php"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-05-12T00:00:00.000Z",
              "value": "Discovered"
            },
            {
              "lang": "en",
              "time": "2023-05-15T00:00:00.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2023-05-19T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Groundhogg \u003c= 2.7.9.8 - Missing Authorization to Non-Arbitrary File Upload"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2023-2716",
        "datePublished": "2023-05-20T02:03:22.121Z",
        "dateReserved": "2023-05-15T16:46:02.087Z",
        "dateUpdated": "2026-04-08T16:47:24.952Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-2714 (GCVE-0-2023-2714)

    Vulnerability from cvelistv5 – Published: 2023-05-20 02:03 – Updated: 2026-04-08 16:43
    Title
    Groundhogg <= 2.7.9.8 - Missing Authorization to Update License
    Summary
    The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'check_license' functions in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change the license key and the support license key; however, they can only be changed to a valid license key.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-862 - Missing Authorization
    Assigner
    Impacted products
    Credits
    István Márton

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:33:05.566Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/29700844-b41d-4f10-90a7-06c8574d8d2a?source=cve"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/2.7.9.8/admin/guided-setup/guided-setup.php#L111"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/2.7.9.8/admin/help/help-page.php#L41"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/changeset/2914493/groundhogg/tags/2.7.10/admin/help/help-page.php"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2714",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-13T16:22:18.899683Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-13T16:48:48.322Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Groundhogg \u2014 CRM, Newsletters, and Marketing Automation",
              "vendor": "trainingbusinesspros",
              "versions": [
                {
                  "lessThanOrEqual": "2.7.9.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Istv\u00e1n M\u00e1rton"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the \u0027check_license\u0027 functions in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change the license key and support license key, but it can only be changed to a valid license key."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T16:43:19.619Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/29700844-b41d-4f10-90a7-06c8574d8d2a?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/2.7.9.8/admin/guided-setup/guided-setup.php#L111"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/2.7.9.8/admin/help/help-page.php#L41"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/2914493/groundhogg/tags/2.7.10/admin/help/help-page.php"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-05-12T00:00:00.000Z",
              "value": "Discovered"
            },
            {
              "lang": "en",
              "time": "2023-05-15T00:00:00.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2023-05-19T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Groundhogg \u003c= 2.7.9.8 - Missing Authorization to Update License"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2023-2714",
        "datePublished": "2023-05-20T02:03:20.188Z",
        "dateReserved": "2023-05-15T16:34:21.224Z",
        "dateUpdated": "2026-04-08T16:43:19.619Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-2715 (GCVE-0-2023-2715)

    Vulnerability from cvelistv5 – Published: 2023-05-20 02:03 – Updated: 2026-04-08 16:42
    Title
    Groundhogg <= 2.7.9.8 - Missing Authorization to Admin Account and Ticket Creation
    Summary
    The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'submit_ticket' function in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers to create a support ticket that sends the website's data to the plugin developer, and also to create admin access with an auto-login link that is likewise sent to the plugin developer with the ticket. It only works if the plugin is activated with a valid license. Note that the "affected" entry in the record below lists "lessThanOrEqual": "2.7.8.9", which does not match the 2.7.9.8 bound stated in this summary and in the record's title; defenders matching versions against this record should treat 2.7.9.8 as the upper bound.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-862 - Missing Authorization
    Assigner
    Impacted products
    Credits
    István Márton

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:33:04.647Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/24747507-8f24-499e-a257-d379dc171e18?source=cve"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/2.7.9.8/admin/help/help-page.php#L220"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/changeset/2914493/groundhogg/tags/2.7.10/admin/help/help-page.php"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2715",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-13T16:22:21.762527Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-13T16:48:57.118Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Groundhogg \u2014 CRM, Newsletters, and Marketing Automation",
              "vendor": "trainingbusinesspros",
              "versions": [
                {
                  "lessThanOrEqual": "2.7.8.9",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Istv\u00e1n M\u00e1rton"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the \u0027submit_ticket\u0027 function in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers to create a support ticket that sends the website\u0027s data to the plugin developer, and it is also possible to create an admin access with an auto login link that is also sent to the plugin developer with the ticket. It only works if the plugin is activated with a valid license."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T16:42:12.030Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/24747507-8f24-499e-a257-d379dc171e18?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/2.7.9.8/admin/help/help-page.php#L220"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/2914493/groundhogg/tags/2.7.10/admin/help/help-page.php"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-05-12T00:00:00.000Z",
              "value": "Discovered"
            },
            {
              "lang": "en",
              "time": "2023-05-15T00:00:00.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2023-05-19T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Groundhogg \u003c= 2.7.9.8 - Missing Authorization to Admin Account and Ticket Creation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2023-2715",
        "datePublished": "2023-05-20T02:03:18.674Z",
        "dateReserved": "2023-05-15T16:35:19.330Z",
        "dateUpdated": "2026-04-08T16:42:12.030Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }