CVE-2023-1425

State: PUBLISHED · Published: 2023-04-10 · Updated: 2025-02-11 · Assigner: WPScan

Description

The WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg WordPress plugin before 2.7.9.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admins

CWE

(none)

Affected

Unknown / WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg — v=0 <2.7.9.4 [affected]

CVSS

(none)

References

https://wpscan.com/vulnerability/578f4179-e7be-4963-9379-5e694911b451 exploit, vdb-entry, technical-description

Source

cvelistV5-main/cves/2023/1xxx/CVE-2023-1425.json