EUVD-2026-36996

Subscriber Broken Access Control in Groundhogg 4.4.1 versions...

EUVD-2026-36971

Sales Representative Arbitrary File Deletion in Groundhogg = 4.4 versions...

CVE-2026-40793

Subscriber Broken Access Control in Groundhogg 4.4.1 versions...

CVE-2026-40727

Sales Representative Arbitrary File Deletion in Groundhogg = 4.4 versions...

CVE-2026-40793 WordPress Groundhogg plugin < 4.4.1 - Broken Access Control vulnerability

Subscriber Broken Access Control in Groundhogg 4.4.1 versions...

CVE-2026-40793

CVE-2026-40793 concerns the WordPress Groundhogg plugin (versions earlier than 4.4.1) with a Broken Access Control vulnerability. The public description identifies the issue as a subscriber-level access control flaw in Groundhogg &lt; 4.4.1. The connected documents corroborate that the vulnerabil...

CVE-2026-40793 WordPress Groundhogg plugin < 4.4.1 - Broken Access Control vulnerability

Subscriber Broken Access Control in Groundhogg 4.4.1 versions...

CVE-2026-40727 WordPress Groundhogg plugin <= 4.4 - Arbitrary File Deletion vulnerability

Sales Representative Arbitrary File Deletion in Groundhogg = 4.4 versions...

CVE-2026-40727 WordPress Groundhogg plugin <= 4.4 - Arbitrary File Deletion vulnerability

Sales Representative Arbitrary File Deletion in Groundhogg = 4.4 versions...

CVE-2026-40727

The CVE covers WordPress Groundhogg plugin versions ≤ 4.4, vulnerable to Arbitrary File Deletion in the Sales Representative component. The root cause details are not fully provided, but the CVSSv3.1 score is 7.7 (HIGH) with Network attack vector, low attack complexity, privilege requirement, and...

PT-2026-49430

Subscriber Broken Access Control in Groundhogg 4.4.1 versions...

PT-2026-49406

Name of the Vulnerable Software and Affected Versions Groundhogg versions prior to 4.5 Description The Sales Representative feature contains a path traversal flaw that allows for arbitrary file deletion. Recommendations Update to a version later than 4.4. Restrict access to the Sales Representati...

WordPress Groundhogg plugin < 4.4.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jakub Herman in WordPress Plugin Groundhogg versions 4.4.1...

WordPress Groundhogg plugin <= 4.4 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by daroo in WordPress Plugin Groundhogg versions = 4.4...

CVE-2023-40681

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Groundhogg Inc. Groundhogg plugin = 2.7.11.10 versions...

CVE-2025-1267

The Groundhogg plugin for Wordpress is vulnerable to Stored Cross-Site Scripting via the ‘label' parameter in versions up to, and including, 3.7.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access, to...

WordPress Groundhogg plugin <= 4.2.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by zaim in WordPress Plugin Groundhogg versions = 4.2.6...

CVE-2025-12750

The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to SQL Injection via the 'term' parameter in all versions up to, and including, 4.2.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

CVE-2025-12750

The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to SQL Injection via the 'term' parameter in all versions up to, and including, 4.2.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

CVE-2025-12750

The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to SQL Injection via the 'term' parameter in all versions up to, and including, 4.2.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...