4 matches found
CVE-2026-13226
CVE-2026-13226 affects the Groundhogg WordPress plugin (CRM/Newsletters/Marketing Automation) up to version 4.5.4. It exposes a generic SQL Injection via the vulnerable 'after' parameter caused by insufficient escaping and lack of proper preparation in the existing SQL query. The issue allows aut...
EUVD-2026-39615
The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'after' parameter in all versions up to, and including, 4.5.4 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the...
PT-2025-6200 · WordPress · Supersaas
Name of the Vulnerable Software and Affected Versions: The SuperSaaS – online appointment scheduling plugin for WordPress versions up to, and including, 2.1.12
Description: The issue is related to Stored Cross-Site Scripting via the after parameter due to insufficient input sanitization and outpu...
WordPress SuperSaaS – online appointment scheduling plugin <= 2.1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via after Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via after Parameter vulnerability discovered by yudha in WordPress Plugin SuperSaaS – online appointment scheduling versions <= 2.1.12...