CVE-2025-12750

Name of the Vulnerable Software and Affected Versions Groundhogg versions prior to 4.2.6.2

Description The Groundhogg plugin for WordPress is susceptible to SQL Injection through the term parameter. Insufficient input sanitization and inadequate SQL query preparation allow authenticated attackers with Administrator-level access or higher to inject additional SQL queries. This can lead to the extraction of sensitive information from the database.

Recommendations Update Groundhogg to version 4.2.6.2 or later.