Lucene search
K

12 matches found

EUVD
EUVD
added 2026/06/27 1:27 a.m.7 views

EUVD-2026-39930

The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via 'queryselect' Parameter in all versions up to, and including, 4.5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

6.5CVSS6AI score0.00344EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/27 1:27 a.m.8 views

CVE-2026-13333

The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via 'queryselect' Parameter in all versions up to, and including, 4.5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

6.5CVSS6AI score0.00344EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/26 2:53 p.m.6 views

EUVD-2026-39671

Sales Representative SQL Injection in Groundhogg = 4.5 versions...

8.5CVSS5.8AI score0.00211EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.10 views

PT-2026-52836

Name of the Vulnerable Software and Affected Versions Groundhogg versions prior to 4.6 Description An authenticated attacker can exploit a SQL Injection flaw in the Sales Representative feature. SQL Injection is a type of vulnerability that allows an attacker to interfere with the queries that an...

8.5CVSS5.9AI score0.00211EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/15 9:30 p.m.8 views

EUVD-2026-36971

Sales Representative Arbitrary File Deletion in Groundhogg = 4.4 versions...

7.7CVSS5.2AI score0.00342EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.10 views

PT-2026-49406

Name of the Vulnerable Software and Affected Versions Groundhogg versions prior to 4.5 Description The Sales Representative feature contains a path traversal flaw that allows for arbitrary file deletion. Recommendations Update to a version later than 4.4. Restrict access to the Sales Representati...

7.7CVSS5.4AI score0.00342EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/03/03 12:0 a.m.12 views

CVE-2024-25842

An issue was discovered in Presta World "Account Manager - Sales Representative & Dealers - CRM" prestasalesmanager module for PrestaShop before version 9.0, allows remote attackers to escalate privilege and obtain sensitive information via the uploadLogo and postProcess methods...

7AI score0.0055EPSS
Exploits0References1
CVE
CVE
added 2024/03/03 12:0 a.m.58 views

CVE-2024-25842

CVE-2024-25842 affects the PrestaWorld Prestasalesmanager module used with PrestaShop up to version 9.0. The issue allows remote attackers to escalate privileges and access sensitive information via the uploadLogo() and postProcess() methods in the module. Concrete details across multiple sources...

7.5CVSS6.8AI score0.0055EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/03/03 12:0 a.m.17 views

CVE-2024-25842

An issue was discovered in Presta World "Account Manager - Sales Representative & Dealers - CRM" prestasalesmanager module for PrestaShop before version 9.0, allows remote attackers to escalate privilege and obtain sensitive information via the uploadLogo and postProcess methods...

6.9AI score0.0055EPSS
Exploits0References1
NVD
NVD
added 2024/02/27 5:15 p.m.27 views

CVE-2024-25840

In the module "Account Manager | Sales Representative & Dealers | CRM" prestasalesmanager up to 9.0 from Presta World for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack...

7.5CVSS6.3AI score0.00582EPSS
Exploits0References2
Prion
Prion
added 2024/02/27 5:15 p.m.15 views

Path traversal

In the module "Account Manager | Sales Representative & Dealers | CRM" prestasalesmanager up to 9.0 from Presta World for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack...

6.9AI score0.00582EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/02/27 12:0 a.m.14 views

CVE-2024-25840

In the module "Account Manager | Sales Representative & Dealers | CRM" prestasalesmanager up to 9.0 from Presta World for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack...

6.7AI score0.00582EPSS
Exploits0References2
Rows per page
Query Builder