Vulnerabilities > Groundhogg > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-22 | CVE-2024-37264 | Cross-site Scripting vulnerability in Groundhogg Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Groundhogg Inc. | 6.1 |
| 2023-10-31 | CVE-2023-40681 | Cross-site Scripting vulnerability in Groundhogg Auth. | 4.8 |
| 2023-09-29 | CVE-2023-41657 | Cross-site Scripting vulnerability in Groundhogg Hollerbox Auth. | 4.8 |
| 2023-05-30 | CVE-2023-2111 | Unspecified vulnerability in Groundhogg Hollerbox The Fast & Effective Popups & Lead-Generation for WordPress plugin before 2.1.4 concatenates user input into an SQL query without escaping it first in the plugin's report API endpoint, which could allow administrators in multi-site configuration to leak sensitive information from the site's database. | 4.9 |
| 2023-05-20 | CVE-2023-2714 | Missing Authorization vulnerability in Groundhogg The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'check_license' functions in versions up to, and including, 2.7.9.8. | 4.3 |
| 2023-05-20 | CVE-2023-2715 | Missing Authorization vulnerability in Groundhogg The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'submit_ticket' function in versions up to, and including, 2.7.9.8. | 4.3 |
| 2023-05-20 | CVE-2023-2716 | Missing Authorization vulnerability in Groundhogg The Groundhogg plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'ajax_upload_file' function in versions up to, and including, 2.7.9.8. | 5.4 |
| 2023-05-20 | CVE-2023-2717 | Cross-Site Request Forgery (CSRF) vulnerability in Groundhogg The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8. | 4.3 |
| 2023-05-20 | CVE-2023-2735 | Cross-site Scripting vulnerability in Groundhogg The Groundhogg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gh_form' shortcode in versions up to, and including, 2.7.9.8 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2019-08-27 | CVE-2019-15647 | Code Injection vulnerability in Groundhogg The groundhogg plugin before 1.3.5 for WordPress has wp-admin/admin-ajax.php?action=bulk_action_listener remote code execution. | 6.5 |