CVE-2023-2717
- EPSS 0.3%
- Published 20.05.2023 03:15:09
- Last modified 08.04.2026 19:18:18
The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8. This is due to missing nonce validation on the 'enable_safe_mode' function. This makes it possible for unauthenticated attacker...
CVE-2023-2735
- EPSS 0.49%
- Published 20.05.2023 03:15:09
- Last modified 08.04.2026 18:18:05
The Groundhogg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gh_form' shortcode in versions up to, and including, 2.7.9.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...
- EPSS 0.4%
- Published 20.05.2023 03:15:09
- Last modified 08.04.2026 18:18:05
The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8. This is due to missing nonce validation in the 'ajax_edit_contact' function. This makes it possible for authenticated attackers...
CVE-2023-2714
- EPSS 0.53%
- Published 20.05.2023 03:15:08
- Last modified 08.04.2026 17:16:57
The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'check_license' functions in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers, w...
CVE-2023-1425
- EPSS 0.85%
- Published 10.04.2023 14:15:09
- Last modified 11.02.2025 22:15:25
The WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg WordPress plugin before 2.7.9.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by ...
CVE-2019-15647
- EPSS 4.53%
- Published 27.08.2019 12:15:12
- Last modified 21.11.2024 04:29:11
The groundhogg plugin before 1.3.5 for WordPress has wp-admin/admin-ajax.php?action=bulk_action_listener remote code execution.