{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-0394", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-01-10T18:11:25.358Z", "datePublished": "2025-01-14T08:23:14.407Z", "dateUpdated": "2026-04-08T17:16:31.781Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:16:31.781Z"}, "affected": [{"vendor": "trainingbusinesspros", "product": "Groundhogg \u2014 CRM, Newsletters, and Marketing Automation", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "3.7.3.5", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The WordPress CRM, Email & Marketing Automation for WordPress | Award Winner \u2014 Groundhogg plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the gh_big_file_upload() function in all versions up to, and including, 3.7.3.5. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible."}], "title": "Groundhogg <= 3.7.3.5 - Authenticated (Author+) Arbitrary File Upload via gh_big_file_upload Function", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b2cf3b85-2e2d-43dc-9877-9a740d4fd2fb?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/3.7.3.5/includes/big-file-uploader.php#L117"}, {"url": "https://wordpress.org/plugins/groundhogg/#developers"}, {"url": "https://plugins.trac.wordpress.org/changeset/3221208/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "cweId": "CWE-434", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "wesley"}], "timeline": [{"time": "2025-01-13T20:19:33.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-14T14:46:02.485000Z", "id": "CVE-2025-0394", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-14T14:46:14.802Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-0394", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-01-14T14:46:02.485000Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-14T14:46:06.801Z"}}], "cna": {"title": "Groundhogg <= 3.7.3.5 - Authenticated (Author+) Arbitrary File Upload via gh_big_file_upload Function", "credits": [{"lang": "en", "type": "finder", "value": "wesley"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "trainingbusinesspros", "product": "Groundhogg \u2014 CRM, Newsletters, and Marketing Automation", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "3.7.3.5"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-01-13T20:19:33.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b2cf3b85-2e2d-43dc-9877-9a740d4fd2fb?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/3.7.3.5/includes/big-file-uploader.php#L117"}, {"url": "https://wordpress.org/plugins/groundhogg/#developers"}, {"url": "https://plugins.trac.wordpress.org/changeset/3221208/"}], "descriptions": [{"lang": "en", "value": "The WordPress CRM, Email & Marketing Automation for WordPress | Award Winner \u2014 Groundhogg plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the gh_big_file_upload() function in all versions up to, and including, 3.7.3.5. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:16:31.781Z"}}}, "cveMetadata": {"cveId": "CVE-2025-0394", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:16:31.781Z", "dateReserved": "2025-01-10T18:11:25.358Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-01-14T08:23:14.407Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The WordPress CRM, Email & Marketing Automation for WordPress | Award Winner \u2014 Groundhogg plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the gh_big_file_upload() function in all versions up to, and including, 3.7.3.5. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible."}, {"lang": "es", "value": "El plugin WordPress CRM, Email &amp; Marketing Automation para WordPress | Award Winner: Groundhogg es vulnerable a la carga de archivos arbitrarios debido a la falta de validaci\u00f3n del tipo de archivo en la funci\u00f3n gh_big_file_upload() en todas las versiones hasta la 3.7.3.5 incluida. Esto hace posible que atacantes autenticados, con acceso de nivel de autor y superior, carguen archivos arbitrarios en el servidor del sitio afectado, lo que puede hacer posible la ejecuci\u00f3n remota de c\u00f3digo."}], "id": "CVE-2025-0394", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-01-14T09:15:21.430", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/groundhogg/tags/3.7.3.5/includes/big-file-uploader.php#L117"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3221208/"}, {"source": "security@wordfence.com", "url": "https://wordpress.org/plugins/groundhogg/#developers"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b2cf3b85-2e2d-43dc-9877-9a740d4fd2fb?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-28T12:12:11.725092+00:00", "value": {"mitigation_remediation": ["Upgrade the Groundhogg plugin to the latest release that contains the fix, such as 3.7.3.6 or newer.", "If an immediate update is not feasible, disable or limit the gh_big_file_upload capability for users with Author or higher roles, ensuring only administrators can upload files.", "Deploy a web application firewall or file\u2011type filtering solution that blocks uploads of executable file types and permits only the MIME types required by the plugin."], "summary": {"action": "Apply Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "All installations of the trainingbusinesspros Groundhogg WordPress plugin with versions up to and including 3.7.3.5 are vulnerable. This includes any WordPress site that has the plugin at the specified or older versions.", "description_and_impact": "Groundhogg, a WordPress CRM plugin, permits authenticated users with Author or higher role to invoke gh_big_file_upload, which accepts any file type without validation. The lack of file type checks allows the upload of executable files such as PHP scripts, enabling an attacker to run arbitrary code on the server and gain full remote code execution authority.", "risk_and_exploitability": "The CVSS score of 8.8 indicates a high severity, and an EPSS score of 5% suggests a non\u2011negligible exploitation probability. The vulnerability is not listed in the CISA KEV catalog. An attacker who is logged in with Author level or higher can reach the file upload interface, submit a malicious file, and then trigger its execution, resulting in remote code execution. The attack vector is authenticated but the impact is system\u2011wide if the attacker succeeds."}}}}, "created": "2026-04-21T22:30:06.140025+00:00", "updated": "2026-04-28T12:15:30.892627+00:00", "vendors": []}