Vulnerabilities > Groundhogg > Groundhogg > 2.2.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-09 | CVE-2023-34178 | Cross-Site Request Forgery (CSRF) vulnerability in Groundhogg Cross-Site Request Forgery (CSRF) vulnerability in Groundhogg Inc. | 8.8 |
| 2023-11-03 | CVE-2023-34179 | SQL Injection vulnerability in Groundhogg Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Groundhogg Inc. | 7.2 |
| 2023-10-31 | CVE-2023-40681 | Cross-site Scripting vulnerability in Groundhogg Auth. | 4.8 |
| 2023-05-20 | CVE-2023-2714 | Missing Authorization vulnerability in Groundhogg The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'check_license' functions in versions up to, and including, 2.7.9.8. | 4.3 |
| 2023-05-20 | CVE-2023-2715 | Missing Authorization vulnerability in Groundhogg The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'submit_ticket' function in versions up to, and including, 2.7.9.8. | 4.3 |
| 2023-05-20 | CVE-2023-2716 | Missing Authorization vulnerability in Groundhogg The Groundhogg plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'ajax_upload_file' function in versions up to, and including, 2.7.9.8. | 5.4 |
| 2023-05-20 | CVE-2023-2717 | Cross-Site Request Forgery (CSRF) vulnerability in Groundhogg The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8. | 4.3 |
| 2023-05-20 | CVE-2023-2735 | Cross-site Scripting vulnerability in Groundhogg The Groundhogg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gh_form' shortcode in versions up to, and including, 2.7.9.8 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2023-05-20 | CVE-2023-2736 | Cross-Site Request Forgery (CSRF) vulnerability in Groundhogg The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8. | 8.0 |
| 2023-04-10 | CVE-2023-1425 | Unspecified vulnerability in Groundhogg The WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg WordPress plugin before 2.7.9.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admins | 7.2 |