cleantalk
Vulnerabilities and Security Researches

WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg, CVE-2025-48300

CVE, Research URL

CVE-2025-48300

Home page URL

Security reports for WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg

Application

WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg

Published on
Jul 16, 2025
Research Description
Unrestricted Upload of File with Dangerous Type vulnerability in Adrian Tobey Groundhogg allows Upload a Web Shell to a Web Server. This issue affects Groundhogg: from n/a through 4.2.1.
Affected versions
Min -, max 4.2.2.
Status
vulnerable
Previous vulnerability researches
WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg (CVE-2024-37264) , Jul 01, 2024
WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg (CVE-2025-54053) , Aug 12, 2025
WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg (CVE-2025-4206) , May 10, 2025
WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg (CVE-2025-0394) , Jan 15, 2025
WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg (CVE-2024-56289) , Jan 07, 2025
New vulnerability
Elementor Website Builder – More than Just a Page Builder (CVE-2025-8081) , Aug 14, 2025
Easy restaurant menu manager (CVE-2025-8491) , Aug 14, 2025
Project Cost Calculator (CVE-2025-52775) , Aug 14, 2025
String locator , Aug 13, 2025
Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler (CVE-2025-54028) , Aug 13, 2025