Groundhogg: Groundhogg 0.9 Security Vulnerabilities
The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'check_license' functions in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change the license key and support license key, but it can only be changed to a valid license key.
CVSS Score: 4.3
EPSS Score: 0.001
Published: 2023-05-20
The WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg WordPress plugin before 2.7.9.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admins.
CVSS Score: 7.2
EPSS Score: 0.002
Published: 2023-04-10
The Groundhogg plugin before 1.3.5 for WordPress allows remote code execution via wp-admin/admin-ajax.php?action=bulk_action_listener.
CVSS Score: 8.8
EPSS Score: 0.11
Published: 2019-08-27