Lucene search
K

17 matches found

EUVD
EUVD
added 4 days ago6 views

EUVD-2026-41270

The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'select' parameter in all versions up to, and including, 4.5.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

6.5CVSS5.8AI score0.00441EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/06/26 1:27 a.m.35 views

CVE-2026-13226 Groundhogg <= 4.5.4 - Authenticated (Custom+) SQL Injection via 'after' Parameter

The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'after' parameter in all versions up to, and including, 4.5.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

6.5CVSS0.00281EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/15 9:30 p.m.11 views

EUVD-2026-36996

Subscriber Broken Access Control in Groundhogg 4.4.1 versions...

6.5CVSS5.1AI score0.00279EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 9:16 p.m.8 views

CVE-2026-40727

Sales Representative Arbitrary File Deletion in Groundhogg = 4.4 versions...

7.7CVSS0.00342EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-36543

Malicious code in bioql PyPI...

7.1CVSS6.6AI score0.00308EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-53086

Malicious code in bioql PyPI...

7.1CVSS7.6AI score0.00669EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-38279

Malicious code in bioql PyPI...

7.2CVSS7.7AI score0.00675EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-37032

Malicious code in bioql PyPI...

4.3CVSS6.4AI score0.0018EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/07/16 11:28 a.m.7 views

CVE-2025-48300 WordPress Groundhogg plugin <= 4.2.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Adrian Tobey Groundhogg groundhogg allows Upload a Web Shell to a Web Server.This issue affects Groundhogg: from n/a through = 4.2.1...

9.1CVSS5.2AI score0.00423EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/07/16 12:0 a.m.6 views

PT-2025-29801 · Unknown · Groundhogg

Name of the Vulnerable Software and Affected Versions: Groundhogg versions through 4.2.1 Description: Groundhogg is susceptible to an unrestricted file upload issue that allows for the upload of a web shell to a web server. Recommendations: Update Groundhogg to a version later than 4.2.1...

9.1CVSS6.4AI score0.00423EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 6:56 a.m.8 views

CVE-2024-37235

Cross-Site Request Forgery CSRF vulnerability in Adrian Tobey Groundhogg groundhogg allows Cross Site Request Forgery.This issue affects Groundhogg: from n/a through = 3.4.2.3...

4.3CVSS5.9AI score0.0018EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:22 a.m.8 views

CVE-2023-34179

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Groundhogg Inc. Groundhogg allows SQL Injection.This issue affects Groundhogg: from n/a through 2.7.11...

7.6CVSS7.8AI score0.00675EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/09 11:11 a.m.10 views

CVE-2025-4206 WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg <= 4.1.1.2 - Authenticated (Administrator+) Arbitrary File Deletion

The WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'processexportdelete' and 'processimportdelete' functions in all versions up to, and including,...

7.2CVSS7.3AI score0.01313EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/01/07 10:49 a.m.13 views

CVE-2024-56289 WordPress Groundhogg plugin <= 3.7.3.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Adrian Tobey Groundhogg groundhogg allows Reflected XSS.This issue affects Groundhogg: from n/a through = 3.7.3.3...

7.1CVSS0.00669EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/07 10:49 a.m.7 views

CVE-2024-56289 WordPress Groundhogg plugin <= 3.7.3.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Adrian Tobey Groundhogg groundhogg allows Reflected XSS.This issue affects Groundhogg: from n/a through = 3.7.3.3...

7.1CVSS8.6AI score0.00669EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2023/11/03 5:15 p.m.3 views

CVE-2023-34179

A vulnerability in Adrian Tobey Groundhogg groundhogg.This issue affects Groundhogg: from n/a through = 2.7.11...

7.6CVSS7.5AI score0.00675EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/05/20 12:0 a.m.5 views

PT-2023-21078 · WordPress · Groundhogg

Name of the Vulnerable Software and Affected Versions: Groundhogg plugin for WordPress versions up to, and including, 2.7.9.8 Description: The issue is due to missing nonce validation in the ajax edit contact function, making it possible for authenticated attackers to elevate verified user...

8CVSS7.9AI score0.00399EPSS
Exploits0References8
Rows per page
Query Builder