CVE-2026-40727

HIGH

WordPress Groundhogg plugin <= 4.4 - Arbitrary File Deletion vulnerability

Title source: cna

Sales Representative Arbitrary File Deletion in Groundhogg <= 4.4 versions.

Core 1

Core References

Vdb Entry vdb-entry

CVSS v3 7.7

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

CWE

CWE-22

Status published

Products (1)

Groundhogg/Groundhogg < 4.4

Published Jun 15, 2026

Tracked Since Jun 16, 2026