Groundhogg
Approved changes feed: RSS · Atom
cpe:2.3:a:adrian_tobey:groundhogg:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Adrian Tobey (9b956b86-b04d-56dd-9770-293351c561f6) |
|---|---|
| Product | Groundhogg (7e516aa5-858d-5075-9b44-41477305789f) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-64367 |
vulnerable | 2026-06-08 07:39:18.434683 |
WordPress Groundhogg plugin <= 4.2.6 - Cross Site Scripting (XSS) vulnerability
MEDIUM (6.5)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Adrian Tobey Groundhogg groundhogg allows Stored XSS.This issue affects Groundhogg: from n/a through <= 4.2.6.
Published: 2025-10-31T11:42:40.076Z
Updated: 2026-04-28T18:31:38.734Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-54053 |
vulnerable | 2026-06-08 07:33:11.070300 |
WordPress Groundhogg plugin <= 4.2.2 - PHP Object Injection vulnerability
MEDIUM (6.6)
Deserialization of Untrusted Data vulnerability in Adrian Tobey Groundhogg groundhogg allows Object Injection.This issue affects Groundhogg: from n/a through <= 4.2.2.
Published: 2025-08-20T08:02:54.742Z
Updated: 2026-04-28T16:13:33.816Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-48300 |
vulnerable | 2026-06-08 07:27:15.676426 |
WordPress Groundhogg plugin <= 4.2.1 - Arbitrary File Upload vulnerability
CRITICAL (9.1)
Unrestricted Upload of File with Dangerous Type vulnerability in Adrian Tobey Groundhogg groundhogg allows Upload a Web Shell to a Web Server.This issue affects Groundhogg: from n/a through <= 4.2.1.
Published: 2025-07-16T11:28:01.803Z
Updated: 2026-04-28T16:12:55.732Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-56289 |
vulnerable | 2026-06-08 06:54:17.681420 |
WordPress Groundhogg plugin <= 3.7.3.3 - Reflected Cross Site Scripting (XSS) vulnerability
HIGH (7.1)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Adrian Tobey Groundhogg groundhogg allows Reflected XSS.This issue affects Groundhogg: from n/a through <= 3.7.3.3.
Published: 2025-01-07T10:49:15.359Z
Updated: 2026-04-28T16:10:56.926Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-37235 |
vulnerable | 2026-06-08 06:39:46.938028 |
WordPress Groundhogg plugin <= 3.4.2.3 - Cross Site Request Forgery (CSRF) vulnerability
MEDIUM (4.3)
Cross-Site Request Forgery (CSRF) vulnerability in Adrian Tobey Groundhogg groundhogg allows Cross Site Request Forgery.This issue affects Groundhogg: from n/a through <= 3.4.2.3.
Published: 2025-01-02T12:00:42.100Z
Updated: 2026-05-11T22:32:04.673Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-34179 |
vulnerable | 2026-06-08 06:06:24.748712 |
WordPress Groundhogg Plugin <= 2.7.11 is vulnerable to SQL Injection
HIGH (7.6)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Groundhogg Inc. Groundhogg allows SQL Injection.This issue affects Groundhogg: from n/a through 2.7.11.
Published: 2023-11-03T16:48:01.889Z
Updated: 2026-04-28T16:08:28.358Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-34178 |
vulnerable | 2026-06-08 06:06:24.747386 |
WordPress Groundhogg Plugin <= 2.7.11 is vulnerable to Cross Site Request Forgery (CSRF)
MEDIUM (5.4)
Cross-Site Request Forgery (CSRF) vulnerability in Groundhogg Inc. Groundhogg plugin <= 2.7.11 versions.
Published: 2023-11-09T19:07:27.288Z
Updated: 2026-04-28T16:08:28.305Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.