Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg 4.2.1

  • Severity: high-risk
  • Status: Open
  • Publication: July 4, 2025

The Groundhogg plugin for WordPress, which is used for managing customer relationships, emails, and marketing automation, has a security issue. This means that anyone who has access to the plugin and is at the sales rep level or higher can upload any type of file to the website’s server. This could potentially allow them to run code on the site and cause harm.

Detected in:

Groundhogg — CRM, Newsletters, and Marketing Automation fixed vulnerable versions:
WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg open vulnerable versions: >= * <= 4.2.1

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.