Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg 1.3.11.13

  • Severity: high-risk
  • Status: Open
  • Publication: October 23, 2019

The Groundhogg plugin for WordPress is not secure in versions up to 1.3.11.13. An attacker with access to the plugin can use it to extract sensitive information from the WordPress database. This is done by adding extra commands to the existing query, which is made possible by a lack of security measures such as escaping user supplied parameters and insufficient preparation on the existing SQL query.

Detected in:

Groundhogg — CRM, Newsletters, and Marketing Automation fixed vulnerable versions:
WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg open vulnerable versions: >= * <= 1.3.11.13

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.