Lucene search
K

140 matches found

Cvelist
Cvelist
added 2 days ago25 views

CVE-2026-57389 WordPress Groundhogg plugin <= 4.4.1 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Adrian Tobey Groundhogg groundhogg allows Path Traversal.This issue affects Groundhogg: from n/a through = 4.4.1...

8.6CVSS0.00382EPSS
Exploits0References1
CVE
CVE
added 2 days ago8 views

CVE-2026-57389

CVE-2026-57389 affects Groundhogg WordPress plugin versions up to 4.4.1. The issue is described as an improper limitation of a pathname to a restricted directory (path traversal) that allows arbitrary file deletion. NVD/Patchstack entries indicate a High severity (CVSS 3.1 base score 8.6) with ne...

8.6CVSS6.1AI score0.00382EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/07/08 8:59 a.m.5 views

WordPress Groundhogg plugin <= 4.4.1 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by she11f in WordPress Plugin Groundhogg versions = 4.4.1...

8.6CVSS6.1AI score0.00382EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/07/02 10:16 a.m.9 views

CVE-2026-14029

The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'select' parameter in all versions up to, and including, 4.5.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

6.5CVSS0.00441EPSS
Exploits0References10
CVE
CVE
added 2026/07/02 8:33 a.m.17 views

CVE-2026-14029

The Groundhogg WordPress plugin (versions up to and including 4.5.8) is affected by a generic SQL Injection via the 'select' parameter. The root cause is insufficient escaping and inadequate preparation of the underlying SQL query, allowing an authenticated attacker with a custom Groundhogg role ...

6.5CVSS5.8AI score0.00441EPSS
Exploits0References10
NVD
NVD
added 2026/06/27 2:16 a.m.12 views

CVE-2026-13333

The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via 'queryselect' Parameter in all versions up to, and including, 4.5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

6.5CVSS0.00344EPSS
Exploits0References6
NVD
NVD
added 2026/06/27 2:16 a.m.13 views

CVE-2026-13331

The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'search' parameter in all versions up to, and including, 4.5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

6.5CVSS0.0028EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/27 1:27 a.m.9 views

CVE-2026-13333

The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via 'queryselect' Parameter in all versions up to, and including, 4.5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

6.5CVSS6AI score0.00344EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/27 1:27 a.m.7 views

EUVD-2026-39930

The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via 'queryselect' Parameter in all versions up to, and including, 4.5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

6.5CVSS6AI score0.00344EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/27 1:27 a.m.34 views

CVE-2026-13333 Groundhogg <= 4.5.5 - Authenticated (Sales Rep+) SQL Injection via 'query[select]' Parameter

The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via 'queryselect' Parameter in all versions up to, and including, 4.5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

6.5CVSS0.00344EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/27 1:27 a.m.8 views

CVE-2026-13331

The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'search' parameter in all versions up to, and including, 4.5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

6.5CVSS5.8AI score0.0028EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/27 1:27 a.m.9 views

EUVD-2026-39928

The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'search' parameter in all versions up to, and including, 4.5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

6.5CVSS5.8AI score0.0028EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/27 1:27 a.m.41 views

CVE-2026-13331 Groundhogg <= 4.5.5 - Authenticated (Marketer+) SQL Injection via 'search' Parameter

The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'search' parameter in all versions up to, and including, 4.5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

6.5CVSS0.0028EPSS
Exploits0References7
CVE
CVE
added 2026/06/27 1:27 a.m.18 views

CVE-2026-13331

The affected software is the Groundhogg WordPress plugin (CRM, Newsletters, and Marketing Automation). It is vulnerable to a generic SQL Injection via the 'search' parameter in all versions up to and including 4.5.5 , caused by insufficient escaping of the user-supplied value and inadequate prepa...

6.5CVSS5.8AI score0.0028EPSS
Exploits0References7
CVE
CVE
added 2026/06/26 2:53 p.m.18 views

CVE-2026-57667

CVE-2026-57667 : WordPress Groundhogg plugin versions ≤ 4.5 are affected by a SQL injection in the “Sales Representative” feature. The connected sources confirm the vulnerability exists but do not provide concrete details on the root cause, affected files/functions, or a published remediation. No...

8.5CVSS5.8AI score0.00211EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 2:16 a.m.12 views

CVE-2026-13226

The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'after' parameter in all versions up to, and including, 4.5.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

6.5CVSS0.00281EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/26 1:27 a.m.10 views

EUVD-2026-39615

The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'after' parameter in all versions up to, and including, 4.5.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

6.5CVSS6AI score0.00281EPSS
Exploits0References8
CVE
CVE
added 2026/06/26 1:27 a.m.20 views

CVE-2026-13226

CVE-2026-13226 affects the Groundhogg WordPress plugin (CRM/Newsletters/Marketing Automation) up to version 4.5.4. It exposes a generic SQL Injection via the vulnerable 'after' parameter caused by insufficient escaping and lack of proper preparation in the existing SQL query. The issue allows aut...

6.5CVSS6AI score0.00281EPSS
Exploits0References8
CVE
CVE
added 2026/06/15 8:18 p.m.23 views

CVE-2026-40793

CVE-2026-40793 concerns the WordPress Groundhogg plugin (versions earlier than 4.4.1) with a Broken Access Control vulnerability. The public description identifies the issue as a subscriber-level access control flaw in Groundhogg &lt; 4.4.1. The connected documents corroborate that the vulnerabil...

6.5CVSS5.1AI score0.00279EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:18 p.m.30 views

CVE-2026-40793 WordPress Groundhogg plugin < 4.4.1 - Broken Access Control vulnerability

Subscriber Broken Access Control in Groundhogg 4.4.1 versions...

6.5CVSS0.00279EPSS
Exploits0References1
Rows per page
Query Builder