Vulnerabilities > Groundhogg
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-09 | CVE-2023-34178 | Cross-Site Request Forgery (CSRF) vulnerability in Groundhogg Cross-Site Request Forgery (CSRF) vulnerability in Groundhogg Inc. | 8.8 |
| 2023-11-03 | CVE-2023-34179 | SQL Injection vulnerability in Groundhogg Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Groundhogg Inc. | 7.2 |
| 2023-10-31 | CVE-2023-40681 | Cross-site Scripting vulnerability in Groundhogg Auth. | 4.8 |
| 2023-09-29 | CVE-2023-41657 | Cross-site Scripting vulnerability in Groundhogg Hollerbox Auth. | 4.8 |
| 2023-05-30 | CVE-2023-2111 | Unspecified vulnerability in Groundhogg Hollerbox The Fast & Effective Popups & Lead-Generation for WordPress plugin before 2.1.4 concatenates user input into an SQL query without escaping it first in the plugin's report API endpoint, which could allow administrators in multi-site configuration to leak sensitive information from the site's database. | 4.9 |
| 2023-05-20 | CVE-2023-2714 | Missing Authorization vulnerability in Groundhogg The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'check_license' functions in versions up to, and including, 2.7.9.8. | 4.3 |
| 2023-05-20 | CVE-2023-2715 | Missing Authorization vulnerability in Groundhogg The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'submit_ticket' function in versions up to, and including, 2.7.9.8. | 4.3 |
| 2023-05-20 | CVE-2023-2716 | Missing Authorization vulnerability in Groundhogg The Groundhogg plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'ajax_upload_file' function in versions up to, and including, 2.7.9.8. | 5.4 |
| 2023-05-20 | CVE-2023-2717 | Cross-Site Request Forgery (CSRF) vulnerability in Groundhogg The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8. | 4.3 |
| 2023-05-20 | CVE-2023-2735 | Cross-site Scripting vulnerability in Groundhogg The Groundhogg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gh_form' shortcode in versions up to, and including, 2.7.9.8 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |