Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

groundhogg groundhogg vulnerabilities and exploits

(subscribe to this query)
8.8
CVSSv3
CVE-2023-34178
Cross-Site Request Forgery (CSRF) vulnerability in Groundhogg Inc. Groundhogg plugin <= 2.7.11 versions.
Groundhogg Groundhogg
7.2
CVSSv3
CVE-2023-34179
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Groundhogg Inc. Groundhogg allows SQL Injection.This issue affects Groundhogg: from n/a up to and including 2.7.11.
Groundhogg Groundhogg
4.8
CVSSv3
CVE-2023-40681
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Groundhogg Inc. Groundhogg plugin <= 2.7.11.10 versions.
Groundhogg Groundhogg
4.8
CVSSv3
CVE-2023-41657
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Groundhogg Inc. HollerBox plugin <= 2.3.2 versions.
Groundhogg Hollerbox
4.9
CVSSv3
CVE-2023-2111
The Fast & Effective Popups & Lead-Generation for WordPress plugin prior to 2.1.4 concatenates user input into an SQL query without escaping it first in the plugin's report API endpoint, which could allow administrators in multi-site configuration to leak sensitive i...
Groundhogg Hollerbox
4.3
CVSSv3
CVE-2023-2714
The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'check_license' functions in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers, with subscriber-level...
Groundhogg Groundhogg
4.3
CVSSv3
CVE-2023-2715
The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'submit_ticket' function in versions up to, and including, 2.7.9.8. This makes it possible for authenticated malicious users to create a suppo...
Groundhogg Groundhogg
4.3
CVSSv3
CVE-2023-2717
The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8. This is due to missing nonce validation on the 'enable_safe_mode' function. This makes it possible for unauthenticated malicious users to enable sa...
Groundhogg Groundhogg
5.4
CVSSv3
CVE-2023-2716
The Groundhogg plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'ajax_upload_file' function in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers, ...
Groundhogg Groundhogg
8
CVSSv3
CVE-2023-2736
The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8. This is due to missing nonce validation in the 'ajax_edit_contact' function. This makes it possible for authenticated malicious users to receive th...
Groundhogg Groundhogg
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
denial of serviceCVE-2024-27371CVE-2024-20405CVE-2024-31627CVE-2024-31625race conditionCVE-2024-4358cross-site scriptingCVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook