- EPSS 0.14%
- Published 20.05.2023 03:15:09
- Last modified 21.11.2024 07:59:11
The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8. This is due to missing nonce validation in the 'ajax_edit_contact' function. This makes it possible for authenticated attackers...
CVE-2023-2714
- EPSS 0.08%
- Published 20.05.2023 03:15:08
- Last modified 21.11.2024 07:59:09
The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'check_license' functions in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers, w...
CVE-2023-1425
- EPSS 0.29%
- Published 10.04.2023 14:15:09
- Last modified 11.02.2025 22:15:25
The WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg WordPress plugin before 2.7.9.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by ...
CVE-2019-15647
- EPSS 10.48%
- Published 27.08.2019 12:15:12
- Last modified 21.11.2024 04:29:11
The groundhogg plugin before 1.3.5 for WordPress has wp-admin/admin-ajax.php?action=bulk_action_listener remote code execution.