CVE-2024-37235

4.3 MEDIUM

📋 TL;DR

This CSRF vulnerability in the Groundhogg WordPress plugin allows attackers to trick authenticated administrators into performing unintended actions. It affects all WordPress sites running Groundhogg versions up to and including 3.4.2.3.

💻 Affected Systems

Products:
  • Groundhogg WordPress Plugin
Versions: All versions up to and including 3.4.2.3
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with Groundhogg plugin enabled and an authenticated admin session.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could modify plugin settings, create or delete contacts, or perform other administrative actions without the admin's knowledge.

🟠 Likely Case

Attackers could manipulate contact data, change email marketing settings, or disrupt plugin functionality.

🟢 If Mitigated

With proper CSRF protections, no unauthorized actions can be performed even if users are tricked into clicking malicious links.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires social engineering to trick authenticated admins into clicking malicious links.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.4.2.4 or later

Vendor Advisory: https://patchstack.com/database/wordpress/plugin/groundhogg/vulnerability/wordpress-groundhogg-plugin-3-4-2-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

Restart Required: No

Instructions:

1. Log into WordPress admin panel
2. Go to Plugins → Installed Plugins
3. Find Groundhogg and click 'Update Now'
4. Verify version is 3.4.2.4 or higher

🔧 Temporary Workarounds

Implement CSRF Tokens

Platform: all

Add CSRF protection to Groundhogg forms manually. Requires custom PHP development to add nonce verification.
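As an added example that is not Groundhogg's own code, this is the standard WordPress nonce-plus-capability pattern the workaround above refers to; the action name, option name and nonce field name are hypothetical:

```php
<?php
// Added illustration (not Groundhogg's code): the standard WordPress way to
// protect a privileged admin action from CSRF. Action name
// "example_update_settings", option name "example_from_name" and nonce field
// "_example_nonce" are hypothetical.

// 1. Render the form. wp_nonce_field() embeds a nonce bound to the action
//    name and the current user's session; a page on another origin cannot
//    read or forge it, so a forged POST arrives without a valid token.
function example_render_settings_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_update_settings">
        <?php wp_nonce_field( 'example_update_settings', '_example_nonce' ); ?>
        <label>From name <input type="text" name="from_name"></label>
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}

// 2. Handle the submission. Being logged in is not enough (that is exactly
//    what CSRF abuses): require BOTH a valid nonce AND the capability.
function example_handle_update_settings() {
    // Verifies the nonce; on a missing or invalid token WordPress stops the
    // request with its "link has expired" error page (HTTP 403).
    check_admin_referer( 'example_update_settings', '_example_nonce' );

    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.' ), '', array( 'response' => 403 ) );
    }

    $from_name = isset( $_POST['from_name'] )
        ? sanitize_text_field( wp_unslash( $_POST['from_name'] ) )
        : '';
    update_option( 'example_from_name', $from_name );

    // Redirect back rather than rendering, so a refresh cannot resubmit.
    wp_safe_redirect( add_query_arg( 'updated', '1', wp_get_referer() ?: admin_url() ) );
    exit;
}
// admin_post_{action} runs only for logged-in users; admin-ajax.php handlers
// use the same pattern with check_ajax_referer() in place of check_admin_referer().
add_action( 'admin_post_example_update_settings', 'example_handle_update_settings' );
```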

Restrict Admin Access

Platform: linux

Limit admin panel access to trusted IP addresses only.

Add to .htaccess:

Order deny,allow
Deny from all
Allow from 192.168.1.0/24

🧯 If You Can't Patch

  • Disable Groundhogg plugin until patched
  • Implement web application firewall with CSRF protection rules

🔍 How to Verify

Check if Vulnerable:

In the WordPress admin, go to Plugins and check the Groundhogg version number; any version up to and including 3.4.2.3 is vulnerable.

Check Version:

wp plugin list --name=groundhogg --field=version

Verify Fix Applied:

Confirm Groundhogg version is 3.4.2.4 or higher in WordPress admin

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed CSRF token validations
  • Unexpected Groundhogg admin actions from unusual IPs

Network Indicators:

  • POST requests to Groundhogg endpoints without referrer headers
  • Admin actions originating from non-admin pages

SIEM Query:

source="wordpress.log" AND "groundhogg" AND ("action" OR "update" OR "delete") AND NOT "nonce"
