CVE-2023-2716 - Vulnerability Details - OpenCVE

The Groundhogg plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'ajax_upload_file' function in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload a file to the contact, and then lists all the other uploaded files related to the contact.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Groundhogg	Groundhogg

Configuration 1 [-]

cpe:2.3:a:groundhogg:groundhogg:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://plugins.trac.wordpress.org/browser/groundhogg/tags/2.7.9.8/admin/contacts/contacts-page.php#L458
https://plugins.trac.wordpress.org/changeset/2914493/groundhogg/tags/2.7.10/admin/contacts/contacts-page.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/3c5bde0e-3138-4995-92ae-6deaf6b7be5b?source=cve

History

Wed, 08 Apr 2026 17:45:00 +0000

Type	Values Removed	Values Added
Title		Groundhogg <= 2.7.9.8 - Missing Authorization to Non-Arbitrary File Upload

Mon, 13 Jan 2025 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2023-05-20T02:03:22.121Z

Updated: 2026-04-08T16:47:24.952Z

Reserved: 2023-05-15T16:46:02.087Z

Link: CVE-2023-2716

Vulnrichment

Updated: 2024-08-02T06:33:04.306Z

NVD

Status : Modified

Published: 2023-05-20T03:15:09.157

Modified: 2026-04-08T18:18:05.107

Link: CVE-2023-2716

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2023-2716", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2023-05-15T16:46:02.087Z", "datePublished": "2023-05-20T02:03:22.121Z", "dateUpdated": "2026-04-08T16:47:24.952Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:47:24.952Z"}, "affected": [{"vendor": "trainingbusinesspros", "product": "Groundhogg \u2014 CRM, Newsletters, and Marketing Automation", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.7.9.8", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Groundhogg plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'ajax_upload_file' function in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload a file to the contact, and then lists all the other uploaded files related to the contact."}], "title": "Groundhogg <= 2.7.9.8 - Missing Authorization to Non-Arbitrary File Upload", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3c5bde0e-3138-4995-92ae-6deaf6b7be5b?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/2.7.9.8/admin/contacts/contacts-page.php#L458"}, {"url": "https://plugins.trac.wordpress.org/changeset/2914493/groundhogg/tags/2.7.10/admin/contacts/contacts-page.php"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Istv\u00e1n M\u00e1rton"}], "timeline": [{"time": "2023-05-12T00:00:00.000Z", "lang": "en", "value": "Discovered"}, {"time": "2023-05-15T00:00:00.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2023-05-19T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:33:04.306Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3c5bde0e-3138-4995-92ae-6deaf6b7be5b?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/2.7.9.8/admin/contacts/contacts-page.php#L458", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset/2914493/groundhogg/tags/2.7.10/admin/contacts/contacts-page.php", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-13T16:22:16.151328Z", "id": "CVE-2023-2716", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-13T16:48:38.115Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3c5bde0e-3138-4995-92ae-6deaf6b7be5b?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/2.7.9.8/admin/contacts/contacts-page.php#L458", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset/2914493/groundhogg/tags/2.7.10/admin/contacts/contacts-page.php", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:33:04.306Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-2716", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-13T16:22:16.151328Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-13T16:22:17.501Z"}}], "cna": {"title": "Groundhogg <= 2.7.9.8 - Missing Authorization to Non-Arbitrary File Upload", "credits": [{"lang": "en", "type": "finder", "value": "Istv\u00e1n M\u00e1rton"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}}], "affected": [{"vendor": "trainingbusinesspros", "product": "Groundhogg \u2014 CRM, Newsletters, and Marketing Automation", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "2.7.9.8"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2023-05-12T00:00:00.000Z", "value": "Discovered"}, {"lang": "en", "time": "2023-05-15T00:00:00.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2023-05-19T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3c5bde0e-3138-4995-92ae-6deaf6b7be5b?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/2.7.9.8/admin/contacts/contacts-page.php#L458"}, {"url": "https://plugins.trac.wordpress.org/changeset/2914493/groundhogg/tags/2.7.10/admin/contacts/contacts-page.php"}], "descriptions": [{"lang": "en", "value": "The Groundhogg plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'ajax_upload_file' function in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload a file to the contact, and then lists all the other uploaded files related to the contact."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:47:24.952Z"}}}, "cveMetadata": {"cveId": "CVE-2023-2716", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:47:24.952Z", "dateReserved": "2023-05-15T16:46:02.087Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2023-05-20T02:03:22.121Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:groundhogg:groundhogg:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "9D835091-F60A-4908-8EAB-2095713459C8", "versionEndIncluding": "2.7.9.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Groundhogg plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'ajax_upload_file' function in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload a file to the contact, and then lists all the other uploaded files related to the contact."}], "id": "CVE-2023-2716", "lastModified": "2026-04-08T18:18:05.107", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "security@wordfence.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-05-20T03:15:09.157", "references": [{"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/2.7.9.8/admin/contacts/contacts-page.php#L458"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://plugins.trac.wordpress.org/changeset/2914493/groundhogg/tags/2.7.10/admin/contacts/contacts-page.php"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3c5bde0e-3138-4995-92ae-6deaf6b7be5b?source=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/2.7.9.8/admin/contacts/contacts-page.php#L458"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://plugins.trac.wordpress.org/changeset/2914493/groundhogg/tags/2.7.10/admin/contacts/contacts-page.php"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3c5bde0e-3138-4995-92ae-6deaf6b7be5b?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Secondary"}]}