CVE Catalog

CVE-2026-57667

HighCVSS 8.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.21%

11th percentile — higher than 11% of all known CVEs

Summary

The Groundhogg plugin for WordPress versions 4.5 and earlier contains an SQL injection vulnerability in the Sales Representative module. An attacker can exploit this flaw to execute unauthorized database queries.

Risk Assessment

The risk includes potential leakage of sensitive customer data, modification or deletion of database records, and possible privilege escalation within the system.

Recommendation

Immediately update the Groundhogg plugin to the latest available version that fixes this vulnerability. Also review database logs for suspicious SQL queries.

Original NVD description (English source)

Sales Representative SQL Injection in Groundhogg <= 4.5 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS