CVE-2026-13333: SQL Injection Vulnerability in Groundhogg Plugin for WordPress
The Groundhogg plugin for WordPress is vulnerable to a generic SQL injection attack via the 'query[select]' parameter in versions up to and including 4.5.5. This vulnerability allows authenticated attackers with Sales Representative-level access and above to append additional SQL queries to extract sensitive information from the database. The CVSS score for this vulnerability is 6.5, indicating a medium severity. Organizations using the affected versions of the Groundhogg plugin should apply the necessary patches immediately to prevent potential exploitation.