PatchSiren


CVE-2026-40793 Groundhogg CVE debrief

CVE-2026-40793 is a medium-severity vulnerability (CVSS Score: 6.5) affecting Groundhogg, a WordPress plugin, prior to version 4.4.1. The vulnerability is classified as a Subscriber Broken Access Control issue. According to the CVE record, it was published on 2026-06-15T21:16:51.660Z and last modified on 2026-06-15T21:24:32.790Z. The vulnerability allows an attacker to potentially gain unauthorized access to sensitive data or functionality. Users of affected Groundhogg versions should update to version 4.4.1 or later to mitigate this vulnerability.

Vendor: Groundhogg
Product: Unknown
CVSS: MEDIUM 6.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-15
Original CVE updated: 2026-06-15
Advisory published: 2026-06-15
Advisory updated: 2026-06-15

Who should care

Administrators and users of the Groundhogg WordPress plugin, especially those using versions prior to 4.4.1, should be aware of this vulnerability and take necessary actions to mitigate it.

Technical summary

The vulnerability is a Subscriber Broken Access Control issue in Groundhogg versions prior to 4.4.1. It has a CVSS Score of 6.5 and is classified as CWE-862. The vulnerability's CVSS vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N.

Defensive priority

Medium

Recommended defensive actions

  • Update Groundhogg to version 4.4.1 or later.
  • Review and restrict access controls for Groundhogg subscribers.

Evidence notes

The CVE record and NVD detail provide official information about CVE-2026-40793. Additional details can be found in the mitigation or vendor reference provided by Patchstack.

Official resources

CVE-2026-40793 was published on 2026-06-15T21:16:51.660Z and last modified on 2026-06-15T21:24:32.790Z.