WordPress Plugin Vulnerabilities

Groundhogg < 2.7.10 - Ticket Creation via CSRF

Description

The plugin does not have CSRF check when creating a support ticket to the plugin author, which could allow attackers to make logged-in admins perform such action via a CSRF attack.

Affects Plugins

Plugin icon
groundhogg
Fixed in 2.7.10

References

CVE
CVE-2023-2715

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Lana Codes
Verified
No
WPVDB ID
ad0e861c-9562-4c80-90f2-d79a0d7ac007

Timeline

Publicly Published
2023-05-19 (about 2 years ago)
Added
2023-05-23 (about 2 years ago)
Last Updated
2023-05-23 (about 2 years ago)

Other

Published
Title
Published
2025-04-09
Title
PlainInventory <= 3.1.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2026-01-23
Title
GeoDirectory < 2.8.150 - Cross-Site Request Forgery
Published
2025-10-24
Title
Simple Registration for WooCommerce < 1.5.9 - Cross-Site Request Forgery to Privilege Escalation via Role Request Approval
Published
2025-12-31
Title
Mergado Pack <= 4.2.0 - Cross-Site Request Forgery
Published
2019-02-23
Title
Peters Login Redirect <= 2.9.1 - Multiple CSRF