Groundhogg

Groundhogg

14 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.1

CVE-2024-56289

  • EPSS 9.75%
  • Veröffentlicht 07.01.2025 11:15:11
  • Zuletzt bearbeitet 07.01.2025 11:15:11

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Groundhogg Inc. Groundhogg allows Reflected XSS.This issue affects Groundhogg: from n/a through 3.7.3.3.

4.3

CVE-2024-37235

  • EPSS 0.16%
  • Veröffentlicht 02.01.2025 12:15:17
  • Zuletzt bearbeitet 05.06.2025 21:01:00

Cross-Site Request Forgery (CSRF) vulnerability in Groundhogg Inc. Groundhogg allows Cross Site Request Forgery.This issue affects Groundhogg: from n/a through 3.4.2.3.

6.1

CVE-2024-37264

  • EPSS 0.28%
  • Veröffentlicht 22.07.2024 09:15:07
  • Zuletzt bearbeitet 21.11.2024 09:23:29

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Groundhogg Inc. Groundhogg allows Reflected XSS.This issue affects Groundhogg: from n/a through 3.4.2.3.

8.8

CVE-2023-34178

  • EPSS 0.13%
  • Veröffentlicht 09.11.2023 19:15:08
  • Zuletzt bearbeitet 21.11.2024 08:06:42

Cross-Site Request Forgery (CSRF) vulnerability in Groundhogg Inc. Groundhogg plugin <= 2.7.11 versions.

7.2

CVE-2023-34179

  • EPSS 0.19%
  • Veröffentlicht 03.11.2023 17:15:08
  • Zuletzt bearbeitet 21.11.2024 08:06:43

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Groundhogg Inc. Groundhogg allows SQL Injection.This issue affects Groundhogg: from n/a through 2.7.11.

4.8

CVE-2023-40681

  • EPSS 0.06%
  • Veröffentlicht 31.10.2023 10:15:08
  • Zuletzt bearbeitet 21.11.2024 08:19:57

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Groundhogg Inc. Groundhogg plugin <= 2.7.11.10 versions.

4.3

CVE-2023-2715

  • EPSS 0.11%
  • Veröffentlicht 20.05.2023 03:15:09
  • Zuletzt bearbeitet 21.11.2024 07:59:09

The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'submit_ticket' function in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers to ...

5.4

CVE-2023-2716

  • EPSS 0.13%
  • Veröffentlicht 20.05.2023 03:15:09
  • Zuletzt bearbeitet 21.11.2024 07:59:09

The Groundhogg plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'ajax_upload_file' function in versions up to, and including, 2.7.9.8. This makes it possible for authe...

4.3

CVE-2023-2717

  • EPSS 0.06%
  • Veröffentlicht 20.05.2023 03:15:09
  • Zuletzt bearbeitet 21.11.2024 07:59:09

The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8. This is due to missing nonce validation on the 'enable_safe_mode' function. This makes it possible for unauthenticated attacker...

5.4

CVE-2023-2735

  • EPSS 0.16%
  • Veröffentlicht 20.05.2023 03:15:09
  • Zuletzt bearbeitet 21.11.2024 07:59:11

The Groundhogg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gh_form' shortcode in versions up to, and including, 2.7.9.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...