PatchSiren

CVE-2026-57667 Adrian Tobey CVE debrief

CVE-2026-57667 is a HIGH severity vulnerability in the Groundhogg plugin for WordPress, with a CVSS score of 8.5. It allows SQL injection via the Sales Representative feature in Groundhogg versions <= 4.5. The CVE was published on 2026-06-26 and modified on 2026-06-29.

Vendor: Adrian Tobey
Product: Groundhogg
CVSS: HIGH 8.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-26
Original CVE updated: 2026-06-29
Advisory published: 2026-06-26
Advisory updated: 2026-06-29

Who should care

Administrators and security teams responsible for WordPress installations that run the Groundhogg plugin should prioritize patching this vulnerability. Its HIGH severity and the potential for SQL injection make it a priority for defenders. Groundhogg users should review their inventory and apply patches or mitigations as soon as possible.

Technical summary

CVE-2026-57667 is a SQL injection vulnerability in the Sales Representative feature of the Groundhogg plugin for WordPress. It has a CVSS score of 8.5 (HIGH). The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L: the flaw is reachable over the network with low attack complexity, requires low privileges and no user interaction, and has changed scope, with high confidentiality impact, no integrity impact and low availability impact. The main risk is therefore data disclosure. The vulnerability is caused by inadequate input validation and sanitization in the Sales Representative feature.

Defensive priority

Defenders should prioritize patching CVE-2026-57667 due to its HIGH severity and potential for SQL injection attacks. Immediate action is necessary to prevent potential data breaches and maintain the security of affected systems.

Recommended defensive actions

  • Update the Groundhogg plugin to a release later than 4.5; versions up to and including 4.5 are affected
  • Review and update the inventory of WordPress installations that have the Groundhogg plugin
  • Implement additional monitoring and logging to detect potential SQL injection attacks
  • Consider compensating controls, such as web application firewalls, to detect and prevent SQL injection attacks
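
For the inventory step, the following added example (not code from the advisory or from the Groundhogg project) walks a hosting root, reads the plugin's version from its WordPress header comment and flags installs in the affected range (<= 4.5). The directory name `groundhogg`, the file name `main.php` and the two sample sites with their version strings are assumptions constructed for the demonstration.

```python
import re, tempfile
from pathlib import Path

AFFECTED_MAX = (4, 5)        # from the advisory: versions <= 4.5 are affected
PLUGIN_SLUG = "groundhogg"   # assumption: the plugin's directory name
# Header lines look like " * Version: 4.5" inside the main file's top comment.
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t\r]*$", re.M | re.I)

def parse_version(text):
    """'4.5.1-beta' -> (4, 5, 1); anything after the dotted number is ignored."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    return tuple(int(p) for p in m.group().split(".")) if m else ()

def is_affected(version):
    v = parse_version(version)
    if not v:
        return True  # unreadable version: flag for manual review
    width = max(len(v), len(AFFECTED_MAX))
    pad = lambda t: t + (0,) * (width - len(t))   # so 4.5.0 compares equal to 4.5
    return pad(v) <= pad(AFFECTED_MAX)

def plugin_version(plugin_dir):
    """Version from the PHP file that carries a 'Plugin Name' header, else None."""
    for php in sorted(Path(plugin_dir).glob("*.php")):
        head = php.read_bytes()[:8192].decode("utf-8", "replace")
        fields = {k.lower(): v for k, v in HEADER_RE.findall(head)}
        if "plugin name" in fields:
            return fields.get("version", "")
    return None

def scan(root):
    """Return [(site_dir, version, affected)] for installs found under root."""
    found = []
    for d in sorted(Path(root).rglob(f"wp-content/plugins/{PLUGIN_SLUG}")):
        ver = plugin_version(d) if d.is_dir() else None
        if ver is not None:
            found.append((str(d.parents[2]), ver, is_affected(ver)))
    return found

def demo():
    """Build a constructed two-site tree in a temp directory and scan it."""
    root = Path(tempfile.mkdtemp())
    for site, ver in (("shop", "4.5"), ("blog", "4.5.1")):
        p = root / site / "wp-content" / "plugins" / PLUGIN_SLUG
        p.mkdir(parents=True)
        (p / "main.php").write_text(f"<?php\n/*\n * Plugin Name: Groundhogg\n * Version: {ver}\n */\n")
    return [(Path(s).name, v, a) for s, v, a in scan(root)]

if __name__ == "__main__":
    print(demo())
```

A result of "not affected" only means the version string is above 4.5; confirm against the vendor's advisory which release contains the fix.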

Evidence notes

The CVE-2026-57667 vulnerability was reported by Patchstack and documented in the NVD. The vulnerability affects Groundhogg plugin versions <= 4.5. The CVE record and NVD detail provide additional information on the vulnerability.

Official resources

This article is AI-assisted and based on the supplied source corpus.