WordPress Plugin Vulnerabilities

Groundhogg < 1.3.11.8 - Authenticated SQL Injection

Description

Wordpress Groundhogg plugin with a version lower than 1.3.11.3 is affected by an Authenticated SQL Injection vulnerability.

Proof of Concept

Affects Plugins

Plugin icon
groundhogg
Fixed in 1.3.11.8

References

URL
https://nitesculucian.github.io/2019/10/23/groundhogg-1-3-2-authentificated-sql-injection-vulnerability/

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Original Researcher
Lucian Ioan Nitescu
Submitter
Lucian Ioan Nitescu
Submitter website
https://nitesculucian.github.io/
Submitter twitter
https://twitter.com/LucianNitescu
Verified
No
WPVDB ID
c6516a47-2f20-4cbe-bd88-ca652cc67911

Timeline

Publicly Published
2019-10-23 (about 6 years ago)
Added
2019-10-24 (about 6 years ago)
Last Updated
2019-11-28 (about 6 years ago)

Other

Published
Title
Published
2015-07-06
Title
WP Live Chat Support < 4.4.0 - Unauthenticated Blind SQL Injection
Published
2025-02-18
Title
Small Package Quotes – USPS Edition < 1.3.6 - Unauthenticated SQL Injection
Published
2023-11-06
Title
GD Security Headers < 1.7.1 - Admin+ SQLi
Published
2026-03-20
Title
Fonts Manager | Custom Fonts <= 1.2 - Unauthenticated SQL Injection via fmcfIdSelectedFnt parameter
Published
2023-07-24
Title
WPML String Translation < 3.2.6 - Admin+ SQLi