CVE-2025-48300

CVE-2025-48300 relates to Groundhogg (WordPress plugin) with an Unrestricted Upload of File with Dangerous Type that enables uploading a web shell on the server. Affected: Groundhogg versions up to and including 4.2.1. Reported exploitation vectors are not detailed in the provided sources; the CV...

CVE-2024-56289 WordPress Groundhogg plugin <= 3.7.3.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Adrian Tobey Groundhogg groundhogg allows Reflected XSS.This issue affects Groundhogg: from n/a through = 3.7.3.3...

WordPress Groundhogg Plugin <= 2.7.9.8 is vulnerable to Cross Site Scripting (XSS)

Software Groundhogg Type Plugin Vulnerable versions = 2.7.9.8 Fixed in 2.7.10 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2735 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 9ca54816b270 Credits Lana Codes Required...

Groundhogg <= 2.0.8.1 - Authenticated Reflected XSS

Wordpress Groundhogg plugin with a version lower than 2.0.8.1 is affected by an authenticated Reflected Cross-site scripting XSS vulnerability. Exploit Title: Wordpress Groundhogg /wp-admin/admin.php?page=ghbulkjobs&action=ghexportcontactsalert1 - The response will contain: bulkaction:...