MEDIUM
trainingbusinesspros
CVE published 2026-06-27
CVE-2026-13331
The Groundhogg plugin for WordPress is vulnerable to SQL injection attacks via the 'search' parameter in versions up to and including 4.5.5. This issue arises from insufficient escaping of user-supplied parameters and inadequate preparation of existing SQL queries. Exploitation of this vulnerability allows authenticated attackers with marketer-level access or higher to append additional SQL queries to exi [truncated]