CVE Catalog
CVE-2026-57667
HighCVSS 8.5Exploitation Probability (EPSS)
Low risk0.21%
11th percentile — higher than 11% of all known CVEs
Summary
The Groundhogg plugin for WordPress versions 4.5 and earlier contains an SQL injection vulnerability in the Sales Representative module. An attacker can exploit this flaw to execute unauthorized database queries.
Risk Assessment
The risk includes potential leakage of sensitive customer data, modification or deletion of database records, and possible privilege escalation within the system.
Recommendation
Immediately update the Groundhogg plugin to the latest available version that fixes this vulnerability. Also review database logs for suspicious SQL queries.
Original NVD description (English source)
Sales Representative SQL Injection in Groundhogg <= 4.5 versions.

