WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg, CVE-2025-64367

CVE, Research URL: CVE-2025-64367
Home page URL: Security reports for WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg
Application: WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg
Published on: Oct 31, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Adrian Tobey Groundhogg groundhogg allows Stored XSS.This issue affects Groundhogg: from n/a through <= 4.2.6.
Affected versions: max 4.2.6.
Status: vulnerable

WordPress CRM, Email &amp; Marketing Automation for WordPress | Award Winner — Groundhogg, CVE-2025-64367