Trainingbusinesspros Groundhogg — Crm, Newsletters, And Marketing Automation
13 CVEs affecting Trainingbusinesspros Groundhogg — Crm, Newsletters, And Marketing Automation. Latest disclosed: 2026-06-27. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-0394 | High | 8.8 | 2025-01-14 | The WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg plugin for WordPress is vulnerable to arbitrary file uploads due to m… |
CVE-2023-2736 | High | 7.5 | 2023-05-20 | The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8. This is due to missing nonce validat… |
CVE-2025-4206 | High | 7.2 | 2025-05-09 | The WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg plugin for WordPress is vulnerable to arbitrary file deletion due to… |
CVE-2026-13333 | Medium | 6.5 | 2026-06-27 | The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via 'query[select]' Parameter in all ve… |
CVE-2026-13331 | Medium | 6.5 | 2026-06-27 | The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'search' parameter in all versi… |
CVE-2026-13226 | Medium | 6.5 | 2026-06-26 | The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'after' parameter in all versio… |
CVE-2025-1267 | Medium | 5.5 | 2025-04-01 | The Groundhogg plugin for Wordpress is vulnerable to Stored Cross-Site Scripting via the ‘label' parameter in versions up to, and including, 3.7.4.1 due to ins… |
CVE-2023-2717 | Medium | 5.4 | 2023-05-20 | The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8. This is due to missing nonce validat… |
CVE-2023-2716 | Medium | 5.4 | 2023-05-20 | The Groundhogg plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'ajax_upload… |
CVE-2025-12750 | Medium | 4.9 | 2025-11-21 | The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to SQL Injection via the 'term' parameter in all versions up to… |
CVE-2023-2735 | Medium | 4.9 | 2023-05-20 | The Groundhogg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gh_form' shortcode in versions up to, and including, 2.7.9.8 due to i… |
CVE-2023-2715 | Medium | 4.3 | 2023-05-20 | The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'submit_ticket' function in ver… |
CVE-2023-2714 | Medium | 4.3 | 2023-05-20 | The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'check_license' functions in ve… |