Groundhogg — CRM, Newsletters, and Marketing Automation

Vulnerabilities 27Slug groundhoggLatest version 4.4.1WordPress.org →

Minimum safe version

4.4.1

Update to 4.4.1 or later to address 27 fixable vulnerabilities

Latest available4.4.1 ✓

N/A

2026-04-24< 4.4.1

Groundhogg — CRM, Newsletters, and Marketing Automation < 4.4.1 - Missing Authorization

Wordfence CVE

N/A

2026-04-16< 4.4.1

Groundhogg — CRM, Newsletters, and Marketing Automation <= 4.4 - Authenticated (Sales Representative+) Arbitrary File Deletion

Wordfence CVE

Medium 4.9

2025-11-21< 4.2.7

CVE-2025-12750

CVE Wordfence

Medium 6.5

2025-10-31< 4.2.6.1

CVE-2025-64367

CVE Wordfence EUVD

Medium 6.6

2025-08-20< 4.2.2.1

CVE-2025-54053

CVE EUVD Wordfence

Critical 9.1

2025-07-16< 4.2.2

CVE-2025-48300

CVE EUVD Wordfence

High 7.2

2025-05-09< 4.1.2

WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg <= 4.1.1.2 - Authenticated (Administrator+) Arbitrary File Deletion

EUVD Wordfence CVE

Medium 5.5

2025-04-01< 4.0

Groundhogg <= 3.7.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via label Parameter

EUVD Wordfence CVE

High 8.8

2025-01-13< 3.7.3.6

Groundhogg <= 3.7.3.5 - Authenticated (Author+) Arbitrary File Upload via gh_big_file_upload Function

Wordfence CVE

High 7.1

2025-01-07< 3.7.3.4

CVE-2024-56289

CVE Patchstack Wordfence

Medium 6.1

2024-07-22< 3.4.3

CVE-2024-37264

CVE Patchstack Wordfence

Medium 4.3

2025-01-02< 3.4.3

CVE-2024-37235

CVE Patchstack Wordfence

Medium 5.9

2023-10-31< 2.7.11.11

CVE-2023-40681

CVE Patchstack Wordfence WPScan

High 7.6

2023-11-03< 2.7.11.1

CVE-2023-34179

CVE Patchstack Wordfence WPScan

Medium 5.4

2023-11-09< 2.7.11.1

CVE-2023-34178

CVE Wordfence Patchstack WPScan

High 8.0

2023-05-22< 2.7.10

WordPress Groundhogg Plugin <= 2.7.9.8 is vulnerable to Cross Site Request Forgery (CSRF)

Patchstack CVE Wordfence WPScan

Medium 5.4

2023-05-20< 2.7.10

CVE-2023-2735

CVE Patchstack Wordfence WPScan

Medium 4.3

2023-05-20< 2.7.10

CVE-2023-2717

CVE Wordfence WPScan

Medium 5.4

2023-05-22< 2.7.10

WordPress Groundhogg Plugin <= 2.7.9.8 is vulnerable to Broken Access Control

Patchstack CVE Wordfence WPScan

Medium 4.3

2023-05-20< 2.7.10

CVE-2023-2715

CVE Wordfence WPScan

Medium 4.3

2023-05-20< 2.7.10

CVE-2023-2714

CVE Wordfence

N/A

< 2.0.9.11

Groundhogg <= 2.0.8.1 - Authenticated Reflected XSS

WPScan

N/A

< 1.3.11.8

Groundhogg <= 1.3.11.3 - Authenticated SQL Injection

WPScan

High 7.2

2023-04-11< 2.7.9.4

WordPress Groundhogg Plugin < 2.7.9.4 is vulnerable to SQL Injection

Patchstack CVE Wordfence WPScan

N/A

2019-09-10< 2.0.9.11

Groundhogg <= 2.0.8.1 - Reflected Cross-Site Scripting

Wordfence

N/A

2019-10-23< 2.0.8

Groundhogg <= 1.3.11.13 - SQL Injection

Wordfence

High 8.8

2019-08-27< 1.3.5

CVE-2019-15647

CVE Wordfence WPScan