3 matches found
CVE-2026-13226 Groundhogg <= 4.5.4 - Authenticated (Custom+) SQL Injection via 'after' Parameter
The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'after' parameter in all versions up to, and including, 4.5.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
CVE-2017-1002007
Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/savemail.php doesn't check that the user is authorized before injecting new contacts into the wpcontact table...
Security feature bypass
Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/savemail.php doesn't check that the user is authorized before injecting new contacts into the wpcontact table...