Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg 2.7.10.3

  • Severity: high-risk
  • Status: Open
  • Publication: May 30, 2023

The Groundhogg plugin for WordPress has a security issue in versions up to 2.7.10.3. If someone with high-level access to the website, like an administrator, is able to add extra information to an already existing query, this extra information could be used to access sensitive information from the website’s database. This is called SQL Injection and is caused by a user-supplied parameter not being escaped properly and not having enough preparation on the existing SQL query.

Detected in:

Groundhogg — CRM, Newsletters, and Marketing Automation fixed vulnerable versions:
WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg open vulnerable versions: >= * <= 2.7.11

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.