Hollerbox CVEs and Security Vulnerabilities

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-48885	2 Groundhogg, Wordpress	2 Hollerbox, Wordpress	2026-06-16	7.1 High
Unauthenticated Cross Site Scripting (XSS) in HollerBox <= 2.3.10.1 versions.
CVE-2023-2111	1 Groundhogg	1 Hollerbox	2025-01-10	4.9 Medium
The Fast & Effective Popups & Lead-Generation for WordPress plugin before 2.1.4 concatenates user input into an SQL query without escaping it first in the plugin's report API endpoint, which could allow administrators in multi-site configuration to leak sensitive information from the site's database.
CVE-2023-41657	1 Groundhogg	1 Hollerbox	2024-11-21	5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Groundhogg Inc. HollerBox plugin <= 2.3.2 versions.

Page 1 of 1.