Browse all 5 CVE security advisories affecting Groundhogg Inc.. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Groundhogg Inc. develops a WordPress marketing automation plugin focused on customer relationship management and lead generation. Historically, the software has been susceptible to multiple remote code execution (RCE) vulnerabilities, cross-site scripting (XSS), and privilege escalation flaws, often stemming from insufficient input validation and improper access controls. The company maintains five CVE records, with several critical RCE issues allowing unauthenticated attackers to execute arbitrary code on affected servers. While no major public security incidents have been widely documented, the consistent pattern of vulnerabilities in a WordPress plugin handling sensitive customer data warrants careful implementation and regular updates.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-37264 | WordPress Groundhogg plugin <= 3.4.2.3 - Reflected Cross Site Scripting (XSS) vulnerability — GroundhoggCWE-79 | 7.1 | High | 2024-07-22 |
| CVE-2023-34178 | WordPress Groundhogg Plugin <= 2.7.11 is vulnerable to Cross Site Request Forgery (CSRF) — GroundhoggCWE-352 | 5.4 | Medium | 2023-11-09 |
| CVE-2023-34179 | WordPress Groundhogg Plugin <= 2.7.11 is vulnerable to SQL Injection — GroundhoggCWE-89 | 7.6 | High | 2023-11-03 |
| CVE-2023-40681 | WordPress Groundhogg Plugin <= 2.7.11.10 is vulnerable to Cross Site Scripting (XSS) — GroundhoggCWE-79 | 5.9 | Medium | 2023-10-31 |
| CVE-2023-41657 | WordPress HollerBox Plugin <= 2.3.2 is vulnerable to Cross Site Scripting (XSS) — HollerBoxCWE-79 | 5.9 | Medium | 2023-09-29 |
This page lists every published CVE security advisory associated with Groundhogg Inc.. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.