17 matches found
EUVD-2026-41270
The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'select' parameter in all versions up to, and including, 4.5.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
CVE-2026-13226 Groundhogg <= 4.5.4 - Authenticated (Custom+) SQL Injection via 'after' Parameter
The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'after' parameter in all versions up to, and including, 4.5.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
EUVD-2026-36996
Subscriber Broken Access Control in Groundhogg 4.4.1 versions...
CVE-2026-40727
Sales Representative Arbitrary File Deletion in Groundhogg = 4.4 versions...
EUVD-2024-36543
Malicious code in bioql PyPI...
EUVD-2024-53086
Malicious code in bioql PyPI...
EUVD-2023-38279
Malicious code in bioql PyPI...
EUVD-2024-37032
Malicious code in bioql PyPI...
CVE-2025-48300 WordPress Groundhogg plugin <= 4.2.1 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Adrian Tobey Groundhogg groundhogg allows Upload a Web Shell to a Web Server.This issue affects Groundhogg: from n/a through = 4.2.1...
PT-2025-29801 · Unknown · Groundhogg
Name of the Vulnerable Software and Affected Versions: Groundhogg versions through 4.2.1 Description: Groundhogg is susceptible to an unrestricted file upload issue that allows for the upload of a web shell to a web server. Recommendations: Update Groundhogg to a version later than 4.2.1...
CVE-2024-37235
Cross-Site Request Forgery CSRF vulnerability in Adrian Tobey Groundhogg groundhogg allows Cross Site Request Forgery.This issue affects Groundhogg: from n/a through = 3.4.2.3...
CVE-2023-34179
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Groundhogg Inc. Groundhogg allows SQL Injection.This issue affects Groundhogg: from n/a through 2.7.11...
CVE-2025-4206 WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg <= 4.1.1.2 - Authenticated (Administrator+) Arbitrary File Deletion
The WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'processexportdelete' and 'processimportdelete' functions in all versions up to, and including,...
CVE-2024-56289 WordPress Groundhogg plugin <= 3.7.3.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Adrian Tobey Groundhogg groundhogg allows Reflected XSS.This issue affects Groundhogg: from n/a through = 3.7.3.3...
CVE-2024-56289 WordPress Groundhogg plugin <= 3.7.3.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Adrian Tobey Groundhogg groundhogg allows Reflected XSS.This issue affects Groundhogg: from n/a through = 3.7.3.3...
CVE-2023-34179
A vulnerability in Adrian Tobey Groundhogg groundhogg.This issue affects Groundhogg: from n/a through = 2.7.11...
PT-2023-21078 · WordPress · Groundhogg
Name of the Vulnerable Software and Affected Versions: Groundhogg plugin for WordPress versions up to, and including, 2.7.9.8 Description: The issue is due to missing nonce validation in the ajax edit contact function, making it possible for authenticated attackers to elevate verified user...