WordPress Plugin Vulnerabilities

Groundhogg < 2.0.9.11 - Authenticated Reflected XSS

Description

Wordpress Groundhogg plugin with a version lower than 2.0.8.1 is affected by an authenticated Reflected Cross-site scripting (XSS) vulnerability.

Proof of Concept

Affects Plugins

Plugin icon
groundhogg
Fixed in 2.0.9.11

References

URL
https://nitesculucian.github.io/2019/10/23/groundhogg-1-3-2-authentificated-reflected-xss-vulnerability/

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher
Lucian Ioan Nitescu
Submitter
Lucian Ioan Nitescu
Submitter website
https://nitesculucian.github.io/
Submitter twitter
https://twitter.com/LucianNitescu
Verified
No
WPVDB ID
282c19ba-5a1f-407e-83d6-a308f4ed0e91

Timeline

Publicly Published
2019-10-23 (about 6 years ago)
Added
2019-10-24 (about 6 years ago)
Last Updated
2019-11-28 (about 6 years ago)

Other

Published
Title
Published
2025-07-15
Title
Avada (Fusion) Builder < 3.12.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Published
2024-01-26
Title
Mang Board WP < 1.7.8 - Admin+ Stored XSS
Published
2024-01-09
Title
List category posts < 0.89.4 - Contributor+ Stored Cross-Site Scripting via Shortcode
Published
2024-06-27
Title
Permalink Manager Lite < 2.4.3.4 - Reflected Cross-Site Scripting
Published
2022-01-05
Title
WPLegalPages < 2.7.1 - Subscriber+ Arbitrary Settings Update to Stored XSS