CVE-2026-13226: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in trainingbusinesspros Groundhogg — CRM, Newsletters, and Marketing Automation
Groundhogg — CRM, Newsletters, and Marketing Automation WordPress plugin versions up to 4.5.4 are vulnerable to SQL Injection via the 'after' parameter. The vulnerability arises from insufficient escaping and lack of proper SQL query preparation. An authenticated user with Sales Manager-level access or higher can exploit this to append SQL queries and extract sensitive database information. Additionally, the AJAX handler wp_ajax_groundhogg_get_contacts_table lacks proper capability checks and nonce verification, allowing any authenticated user to reach the vulnerable code path.
AI Analysis
Technical Summary
The Groundhogg WordPress plugin is affected by an SQL Injection vulnerability (CWE-89) due to improper neutralization of special elements in SQL commands. Specifically, the 'after' parameter is not properly escaped or prepared in SQL queries, enabling authenticated attackers with Sales Manager-level privileges or higher to inject additional SQL commands. The AJAX handler wp_ajax_groundhogg_get_contacts_table has its capability check commented out and lacks nonce verification, which broadens access to the vulnerable code to any authenticated user regardless of role. This vulnerability allows unauthorized extraction of sensitive information from the database. No official patch or remediation guidance has been provided as of the published date.
Potential Impact
An attacker with at least Sales Manager-level access can exploit the SQL Injection vulnerability to extract sensitive information from the database. Due to the missing capability checks and nonce verification in the AJAX handler, any authenticated user can reach the vulnerable code path, potentially increasing the attack surface. The vulnerability does not impact integrity or availability but compromises confidentiality of data stored in the database.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict user roles to trusted personnel only and monitor for suspicious activity. Review and harden WordPress user role permissions to limit access to Sales Manager-level or higher accounts. Consider disabling or restricting access to the vulnerable AJAX handler if possible.
CVE-2026-13226: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in trainingbusinesspros Groundhogg — CRM, Newsletters, and Marketing Automation
Description
Groundhogg — CRM, Newsletters, and Marketing Automation WordPress plugin versions up to 4.5.4 are vulnerable to SQL Injection via the 'after' parameter. The vulnerability arises from insufficient escaping and lack of proper SQL query preparation. An authenticated user with Sales Manager-level access or higher can exploit this to append SQL queries and extract sensitive database information. Additionally, the AJAX handler wp_ajax_groundhogg_get_contacts_table lacks proper capability checks and nonce verification, allowing any authenticated user to reach the vulnerable code path.
CVSS v3.1
Score 6.5medium
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The Groundhogg WordPress plugin is affected by an SQL Injection vulnerability (CWE-89) due to improper neutralization of special elements in SQL commands. Specifically, the 'after' parameter is not properly escaped or prepared in SQL queries, enabling authenticated attackers with Sales Manager-level privileges or higher to inject additional SQL commands. The AJAX handler wp_ajax_groundhogg_get_contacts_table has its capability check commented out and lacks nonce verification, which broadens access to the vulnerable code to any authenticated user regardless of role. This vulnerability allows unauthorized extraction of sensitive information from the database. No official patch or remediation guidance has been provided as of the published date.
Potential Impact
An attacker with at least Sales Manager-level access can exploit the SQL Injection vulnerability to extract sensitive information from the database. Due to the missing capability checks and nonce verification in the AJAX handler, any authenticated user can reach the vulnerable code path, potentially increasing the attack surface. The vulnerability does not impact integrity or availability but compromises confidentiality of data stored in the database.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict user roles to trusted personnel only and monitor for suspicious activity. Review and harden WordPress user role permissions to limit access to Sales Manager-level or higher accounts. Consider disabling or restricting access to the vulnerable AJAX handler if possible.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Wordfence
- Date Reserved
- 2026-06-24T16:36:42.922Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a3de0e34853345fc10869e0
Added to database: 06/26/2026, 02:16:03 UTC
Last enriched: 06/26/2026, 02:31:04 UTC
Last updated: 06/26/2026, 02:31:04 UTC
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.