Vulnerabilities > Groundhogg

DATE CVE VULNERABILITY TITLE RISK
2024-07-22 CVE-2024-37264 Cross-site Scripting vulnerability in Groundhogg
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Groundhogg Inc.
network
low complexity
groundhogg CWE-79
6.1
2023-11-09 CVE-2023-34178 Cross-Site Request Forgery (CSRF) vulnerability in Groundhogg
Cross-Site Request Forgery (CSRF) vulnerability in Groundhogg Inc.
network
low complexity
groundhogg CWE-352
8.8
2023-11-03 CVE-2023-34179 SQL Injection vulnerability in Groundhogg
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Groundhogg Inc.
network
low complexity
groundhogg CWE-89
7.2
2023-10-31 CVE-2023-40681 Cross-site Scripting vulnerability in Groundhogg
Auth.
network
low complexity
groundhogg CWE-79
4.8
2023-09-29 CVE-2023-41657 Cross-site Scripting vulnerability in Groundhogg Hollerbox
Auth.
network
low complexity
groundhogg CWE-79
4.8
2023-05-30 CVE-2023-2111 Unspecified vulnerability in Groundhogg Hollerbox
The Fast & Effective Popups & Lead-Generation for WordPress plugin before 2.1.4 concatenates user input into an SQL query without escaping it first in the plugin's report API endpoint, which could allow administrators in multi-site configuration to leak sensitive information from the site's database.
network
low complexity
groundhogg
4.9
2023-05-20 CVE-2023-2714 Missing Authorization vulnerability in Groundhogg
The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'check_license' functions in versions up to, and including, 2.7.9.8.
network
low complexity
groundhogg CWE-862
4.3
2023-05-20 CVE-2023-2715 Missing Authorization vulnerability in Groundhogg
The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'submit_ticket' function in versions up to, and including, 2.7.9.8.
network
low complexity
groundhogg CWE-862
4.3
2023-05-20 CVE-2023-2716 Missing Authorization vulnerability in Groundhogg
The Groundhogg plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'ajax_upload_file' function in versions up to, and including, 2.7.9.8.
network
low complexity
groundhogg CWE-862
5.4
2023-05-20 CVE-2023-2717 Cross-Site Request Forgery (CSRF) vulnerability in Groundhogg
The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8.
network
low complexity
groundhogg CWE-352
4.3