Groundhogg — CRM, Newsletters, and Marketing Automation Security & Risk Analysis

wordpress.org/plugins/groundhogg

Groundhogg is the best WordPress CRM & Marketing Automation plugin. Create flows, email campaigns, and have a CRM all within your WordPress site.

2K active installs · v4.3.2 · PHP 7.1+ · WP 5.9+ · Updated Mar 9, 2026
Tags: crm, email-automation, email-marketing, marketing-automation, wordpress-crm
Score: 88 (A · Safe)
CVEs total: 23
Unpatched: 0
Last CVE: Nov 20, 2025
Safety Verdict

Is Groundhogg — CRM, Newsletters, and Marketing Automation Safe to Use in 2026?

Generally Safe

Score 88/100

Groundhogg — CRM, Newsletters, and Marketing Automation has a strong security track record. Known vulnerabilities have been patched promptly.

23 known CVEs · Last CVE: Nov 20, 2025 · Updated 25d ago
Risk Assessment

The Groundhogg plugin version 4.3.2 exhibits a mixed security posture. It follows good practice in some areas, such as a high percentage of prepared SQL statements and properly escaped output, but significant concerns remain. The attack surface is substantial: 65 entry points, including 22 unprotected AJAX handlers. The presence of a dangerous `unserialize` call and four high-severity unsanitized taint flows is particularly alarming and indicates potential exposure to deserialization attacks and to path traversal or injection.

The plugin's vulnerability history, with 23 known CVEs including 9 high-severity ones and a recent last vulnerability in late 2025, suggests a pattern of recurring security weaknesses across various types, including deserialization, path traversal, XSS, CSRF, and SQL injection. This historical data, coupled with the current static analysis findings, points to an ongoing need for diligent security oversight and patching.

Overall, while the plugin has strengths in its use of prepared statements and output escaping, the high number of unprotected entry points, critical taint analysis findings, and a concerning vulnerability history necessitate caution. Administrators should prioritize regular updates and be aware of the potential risks associated with its extensive attack surface.

Key Concerns

  • 22 unprotected AJAX handlers
  • 4 high severity unsanitized taint flows
  • Dangerous function: unserialize
  • 23 total known CVEs
  • 9 high severity past CVEs
  • Bundled library: Select2
Vulnerabilities: 23

Groundhogg — CRM, Newsletters, and Marketing Automation Security Vulnerabilities

CVEs by Year

  • 2019: 3 CVEs
  • 2023: 10 CVEs
  • 2024: 2 CVEs
  • 2025: 8 CVEs

Severity Breakdown

  • High: 9
  • Medium: 14

23 total CVEs

CVE-2025-12750 · medium · 4.9 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Groundhogg <= 4.2.6.1 - Authenticated (Admin+) SQL Injection

Nov 20, 2025 Patched in 4.2.7 (1d)
CVE-2025-64367 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Groundhogg <= 4.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

Oct 31, 2025 Patched in 4.2.6.1 (5d)
CVE-2025-54053 · high · 7.5 · Deserialization of Untrusted Data

Groundhogg <= 4.2.2 - Authenticated (Sales Representative+) PHP Object Injection

Aug 5, 2025 Patched in 4.2.2.1 (7d)
CVE-2025-48300 · high · 8.8 · Unrestricted Upload of File with Dangerous Type

Groundhogg <= 4.2.1 - Authenticated (Sales Rep+) Arbitrary File Upload

Jul 4, 2025 Patched in 4.2.2 (5d)
CVE-2025-4206 · high · 7.2 · Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg <= 4.1.1.2 - Authenticated (Administrator+) Arbitrary File Deletion

May 8, 2025 Patched in 4.1.2 (1d)
CVE-2025-1267 · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Groundhogg <= 3.7.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via label Parameter

Mar 31, 2025 Patched in 4.0 (1d)
CVE-2025-0394 · high · 8.8 · Unrestricted Upload of File with Dangerous Type

Groundhogg <= 3.7.3.5 - Authenticated (Author+) Arbitrary File Upload via gh_big_file_upload Function

Jan 13, 2025 Patched in 3.7.3.6 (1d)
CVE-2024-56289 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Groundhogg <= 3.7.3.3 - Reflected Cross-Site Scripting

Jan 3, 2025 Patched in 3.7.3.4 (6d)
CVE-2024-37264 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Groundhogg <= 3.4.2.3 - Reflected Cross-Site Scripting

Jun 27, 2024 Patched in 3.4.3 (6d)
CVE-2024-37235 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Groundhogg <= 3.4.2.3 - Cross-Site Request Forgery

Jun 21, 2024 Patched in 3.4.3 (6d)
CVE-2023-40681 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Groundhogg <= 2.7.11.10 - Authenticated (Administrator+) Stored Cross-Site Scripting via Task Data

Oct 25, 2023 Patched in 2.7.11.11 (90d)
CVE-2023-34178 · medium · 5.4 · Cross-Site Request Forgery (CSRF)

Groundhogg <= 2.7.11 - Cross-Site Request Forgery

May 30, 2023 Patched in 2.7.11.1 (238d)
CVE-2023-34179 · high · 7.2 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Groundhogg <= 2.7.11 - Authenticated (Administrator+) SQL Injection

May 30, 2023 Patched in 2.7.11.1 (238d)
CVE-2023-2715 · medium · 4.3 · Missing Authorization

Groundhogg <= 2.7.9.8 - Missing Authorization to Admin Account and Ticket Creation

May 19, 2023 Patched in 2.7.10 (249d)
CVE-2023-2714 · medium · 4.3 · Missing Authorization

Groundhogg <= 2.7.9.8 - Missing Authorization to Update License

May 19, 2023 Patched in 2.7.10 (249d)
CVE-2023-2716 · medium · 5.4 · Missing Authorization

Groundhogg <= 2.7.9.8 - Missing Authorization to Non-Arbitrary File Upload

May 19, 2023 Patched in 2.7.10 (249d)
CVE-2023-2735 · medium · 4.9 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Groundhogg <= 2.7.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

May 19, 2023 Patched in 2.7.10 (249d)
CVE-2023-2736 · high · 7.5 · Cross-Site Request Forgery (CSRF)

Groundhogg <= 2.7.9.8 - Cross-Site Request Forgery to Privilege Escalation

May 19, 2023 Patched in 2.7.10 (249d)
CVE-2023-2717 · medium · 5.4 · Cross-Site Request Forgery (CSRF)

Groundhogg <= 2.7.9.8 - Cross-Site Request Forgery to Disable All Plugins

May 19, 2023 Patched in 2.7.10 (249d)
CVE-2023-1425 · high · 7.2 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Groundhogg <= 2.7.9.3 - Authenticated (Administrator)+ SQL Injection

Mar 20, 2023 Patched in 2.7.9.4 (309d)
WF-bc69ec54-b30f-402e-ad3b-24fd680ea72b-groundhogg · high · 8.8 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Groundhogg <= 1.3.11.13 - SQL Injection

Oct 23, 2019 Patched in 2.0.8 (1553d)
WF-2052278d-f1df-4a31-8688-11c7c8d20e07-groundhogg · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Groundhogg <= 2.0.8.1 - Reflected Cross-Site Scripting

Sep 10, 2019 Patched in 2.0.9.11 (1596d)
CVE-2019-15647 · high · 8.8 · Improper Control of Generation of Code ('Code Injection')

WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg < 1.3.5 - Remote Code Execution

Apr 8, 2019 Patched in 1.3.5 (1957d)
Code Analysis
Analyzed Mar 16, 2026

Groundhogg — CRM, Newsletters, and Marketing Automation Code Analysis

  • Dangerous Functions: 1
  • Raw SQL Queries: 49 (268 prepared)
  • Unescaped Output: 128 (1764 escaped)
  • Nonce Checks: 34
  • Capability Checks: 375
  • File Operations: 18
  • External Requests: 14
  • Bundled Libraries: 1

Dangerous Functions Found

unserialize · `$this->__unserialize( unserialize( $serialized ) );` · includes\classes\base-object.php:560

Bundled Libraries

Select2

SQL Query Safety

85% prepared · 317 total queries

Output Escaping

93% escaped · 1892 total outputs

Data Flows: 4 unsanitized

Data Flow Analysis

6 flows · 4 with unsanitized paths

<map-import> (admin\tools\map-import.php:0)
[Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]

Attack Surface: 22 unprotected

Groundhogg — CRM, Newsletters, and Marketing Automation Attack Surface

Entry Points: 65
Unprotected: 22

AJAX Handlers 53

auth · wp_ajax_gh_estimate_send_duration · admin\broadcasts\broadcasts-page.php:43
auth · wp_ajax_bulk_action_listener · admin\bulk-jobs\bulk-job-page.php:39
auth · wp_ajax_groundhogg_contact_upload_file · admin\contacts\contacts-page.php:79
auth · wp_ajax_groundhogg_edit_contact · admin\contacts\contacts-page.php:80
auth · wp_ajax_groundhogg_contact_table_row · admin\contacts\contacts-page.php:81
auth · wp_ajax_groundhogg_get_contacts_table · admin\contacts\contacts-page.php:82
auth · wp_ajax_groundhogg_save_card_order · admin\contacts\info-cards.php:22
auth · wp_ajax_gh_process_bg_task · admin\events\events-page.php:55
auth · wp_ajax_gh_save_funnel_via_ajax · admin\funnels\funnels-page.php:67
auth · wp_ajax_gh_flow_simulate · admin\funnels\funnels-page.php:68
auth · wp_ajax_gh_funnel_editor_full_screen_preference · admin\funnels\funnels-page.php:70
auth · wp_ajax_gh_guided_setup_subscribe · admin\guided-setup\guided-setup.php:96
auth · wp_ajax_gh_guided_setup_telemetry · admin\guided-setup\guided-setup.php:97
auth · wp_ajax_gh_guided_setup_license · admin\guided-setup\guided-setup.php:98
auth · wp_ajax_groundhogg_remote_install_hollerbox · admin\guided-setup\guided-setup.php:99
auth · wp_ajax_gh_apply_for_review_your_funnel · admin\guided-setup\guided-setup.php:100
auth · wp_ajax_groundhogg_doc_search · admin\help\help-page.php:42
auth · wp_ajax_groundhogg_fix_missing_tables · admin\help\help-page.php:43
auth · wp_ajax_groundhogg_enable_safe_mode · admin\help\help-page.php:44
auth · wp_ajax_groundhogg_disable_safe_mode · admin\help\help-page.php:45
auth · wp_ajax_groundhogg_submit_support_ticket · admin\help\help-page.php:46
auth · wp_ajax_groundhogg_resave_permalinks · admin\help\help-page.php:47
auth · wp_ajax_groundhogg_check_support_license · admin\help\help-page.php:48
auth · wp_ajax_groundhogg_refresh_dashboard_reports · admin\reports\reports-page.php:29
auth · wp_ajax_gh_install_cron · admin\tools\tools-page.php:153
auth · wp_ajax_gh_check_cron · admin\tools\tools-page.php:154
auth · wp_ajax_gh_disable_internal_cron · admin\tools\tools-page.php:155
auth · wp_ajax_gh_get_checklist_items · admin\welcome\welcome-page.php:41
auth · wp_ajax_gh_get_recommendation_items · admin\welcome\welcome-page.php:42
auth · wp_ajax_gh_get_news · admin\welcome\welcome-page.php:43
auth · wp_ajax_gh_generate_ai_converter_email_address · includes\ai\actions.php:88
auth · wp_ajax_gh_ai_subject_line · includes\ai\ai-handler.php:13
auth · wp_ajax_gh_ai_simple_text · includes\ai\ai-handler.php:14
auth · wp_ajax_gh_ai_formatted_text · includes\ai\ai-handler.php:15
auth · wp_ajax_gh_ai_image · includes\ai\ai-handler.php:16
auth · wp_ajax_gh_pre_big_file_upload · includes\big-file-uploader.php:10
auth · wp_ajax_gh_big_file_upload_success · includes\big-file-uploader.php:11
auth · wp_ajax_gh_big_file_upload · includes\big-file-uploader.php:12
auth · wp_ajax_groundhogg_ajax_form_submit · includes\form\submission-handler.php:78
auth · wp_ajax_groundhogg_ajax_form_submit · includes\form\submission-handler.php:79
nopriv · wp_ajax_groundhogg_ajax_form_submit · includes\form\submission-handler.php:80
nopriv · wp_ajax_groundhogg_ajax_form_submit · includes\form\submission-handler.php:81
auth · wp_ajax_user_meta_picker · includes\functions.php:5663
auth · wp_ajax_gh_meta_picker · includes\functions.php:5709
auth · wp_ajax_gh_meta_value_picker · includes\functions.php:5757
auth · wp_ajax_gh_plugin_feedback · includes\functions.php:8820
auth · wp_ajax_groundhogg_mailhawk_remote_install · includes\mailhawk.php:32
auth · wp_ajax_gh_dismiss_notice · includes\notices.php:39
auth · wp_ajax_gh_undismiss_notice · includes\notices.php:40
auth · wp_ajax_gh_read_notice · includes\notices.php:41
auth · wp_ajax_gh_remote_notifications · includes\notices.php:42
auth · wp_ajax_gh_process_bg_task · includes\plugin-compatibility.php:37
auth · wp_ajax_groundhogg_dismiss_review · includes\reviews.php:11

Shortcodes 12

[preferences-center] includes\functions.php:3433
[gh_email] includes\shortcodes.php:30
[gh_form] includes\shortcodes.php:31
[gh_replacements] includes\shortcodes.php:32
[ghr] includes\shortcodes.php:33
[gh_contact] includes\shortcodes.php:34
[gh_is_contact] includes\shortcodes.php:35
[gh_is_not_contact] includes\shortcodes.php:36
[gh_is_not_logged_in] includes\shortcodes.php:37
[gh_is_logged_in] includes\shortcodes.php:38
[gh_does_not_have_tags] includes\shortcodes.php:39
[gh_has_tags] includes\shortcodes.php:40

WordPress Hooks 389

action · init · admin\admin-menu.php:55
action · admin_bar_menu · admin\admin-menu.php:56
filter · admin_body_class · admin\admin-menu.php:57
filter · groundhogg/admin/menu_priority · admin\admin-menu.php:58
action · admin_menu · admin\admin-page.php:50
action · admin_enqueue_scripts · admin\admin-page.php:60
action · admin_enqueue_scripts · admin\admin-page.php:61
action · admin_enqueue_scripts · admin\admin-page.php:62
filter · admin_title · admin\admin-page.php:63
filter · set-screen-option · admin\admin-page.php:65
action · admin_init · admin\admin-page.php:71
action · groundhogg/broadcast/pre_get_results · admin\broadcasts\broadcasts-table.php:573
action · groundhogg/campaign/pre_get_results · admin\campaigns\campaigns-table.php:224
action · admin_init · admin\contacts\info-cards.php:20
action · admin_enqueue_scripts · admin\contacts\info-cards.php:21
action · groundhogg/admin/contact/record/tab/general · admin\contacts\parts\contact-editor.php:68
filter · groundhogg/admin/contact/record/tabs · admin\contacts\tab.php:20
action · admin_init · admin\contacts\tables\contact-table-columns.php:26
action · groundhogg_contacts_custom_column · admin\contacts\tables\contact-table-columns.php:27
filter · groundhogg_contact_columns · admin\contacts\tables\contact-table-columns.php:29
filter · groundhogg_contact_sortable_columns · admin\contacts\tables\contact-table-columns.php:30
filter · groundhogg/contact_query/allowed_orderby_keys · admin\contacts\tables\contact-table-columns.php:35
filter · groundhogg/contact_query/allowed_orderby_keys · admin\contacts\tables\contact-table-columns.php:222
action · in_admin_header · admin\emails\emails-page.php:54
action · in_admin_header · admin\funnels\funnels-page.php:178
action · groundhogg/admin/gh_funnels/before · admin\funnels\funnels-page.php:183
filter · admin_body_class · admin\funnels\funnels-page.php:255
action · admin_notices · admin\guided-setup\guided-setup.php:47
action · admin_print_styles · admin\help\help-page.php:325
action · admin_init · admin\settings\settings-page.php:89
action · admin_init · admin\settings\settings-page.php:90
action · admin_init · admin\settings\settings-page.php:91
action · groundhogg/admin/settings/api_tab/after_form · admin\settings\settings-page.php:92
action · groundhogg/admin/settings/extensions/after_submit · admin\settings\settings-page.php:93
action · admin_footer · admin\table.php:314
action · edit_user_profile · admin\user\admin-user.php:19
action · show_user_profile · admin\user\admin-user.php:20
action · edit_user_profile_update · admin\user\admin-user.php:22
action · personal_options_update · admin\user\admin-user.php:23
action · in_admin_header · admin\welcome\welcome-page.php:295
action · rest_api_init · api\api-loader.php:34
action · rest_api_init · api\api-loader.php:35
filter · rest_request_before_callbacks · api\api-loader.php:36
action · groundhogg/api/v3/init · api\v3\base.php:38
action · groundhogg/api/v4/init · api\v4\base-api.php:36
action · wp_mail_failed · api\v4\emails-api.php:382
action · wp_mail_failed · api\v4\emails-api.php:416
action · wp_mail_failed · api\v4\emails-api.php:503
action · groundhogg/test_email/before_send · api\v4\emails-api.php:585
action · wp_mail_failed · api\v4\emails-api.php:596
filter · groundhogg/email/to · api\v4\emails-api.php:645
filter · groundhogg/email/subject · api\v4\emails-api.php:650
filter · groundhogg/background_tasks/schedule_time · api\v4\funnels-api.php:189
action · groundhogg/contact_query/pre_get_contacts · api\v4\reports-api.php:98
action · elementor/widgets/register · blocks\blocks.php:16
action · init · blocks\blocks.php:17
action · init · blocks\gutenberg\bootstrap.php:23
action · groundhogg/db/post_delete/contact · db\activity.php:62
action · groundhogg/owner_deleted · db\contacts.php:91
filter · query · db\contacts.php:251
action · switch_blog · db\db.php:117
action · groundhogg/contact/merged · db\db.php:120
action · groundhogg/owner_deleted · db\emails.php:173
action · groundhogg/owner_deleted · db\funnels.php:72
action · plugins_loaded · db\manager.php:34
action · activate_plugin · db\manager.php:37
action · groundhogg/owner_deleted · db\notes.php:39
action · groundhogg/contact/merged · db\notes.php:40
action · groundhogg/object_merged · db\notes.php:41
action · groundhogg/db/post_delete · db\object-relationships.php:69
action · groundhogg/object_merged · db\object-relationships.php:70
action · groundhogg/db/post_delete · db\other-activity.php:59
action · groundhogg/object_merged · db\other-activity.php:60
action · init · db\page-visits.php:32
action · groundhogg/daily · db\page-visits.php:44
action · groundhogg/db/post_delete/contact · db\page-visits.php:68
action · groundhogg/db/post_delete/contact · db\permissions-keys.php:51
action · groundhogg/db/post_delete/funnel · db\steps.php:70
action · groundhogg/db/post_delete/contact · db\submissions.php:65
action · groundhogg/db/post_delete/contact · db\tag-relationships.php:70
action · groundhogg/db/post_delete/tag · db\tag-relationships.php:71
action · groundhogg/db/post_delete/contact · db\traits\event-log.php:40
action · groundhogg/db/post_delete/funnel · db\traits\event-log.php:41
action · groundhogg/db/post_delete/step · db\traits\event-log.php:42
filter · query · db\traits\insert-ignore.php:20
filter · query · db\traits\insert-ignore.php:33
action · plugins_loaded · groundhogg.php:38
action · admin_notices · groundhogg.php:45
action · admin_notices · groundhogg.php:47
action · wp_login · includes\activity-handler.php:23
action · wp_logout · includes\activity-handler.php:24
action · groundhogg/form/submission_handler/after · includes\activity-handler.php:26
filter · groundhogg/step/enqueue/event · includes\background\add-contacts-to-funnel-last-id.php:79
filter · pre_user_query · includes\background\sync-users-last-id.php:38
action · init · includes\background-tasks.php:28
action · init · includes\backwards-compatibility.php:23
filter · query_vars · includes\backwards-compatibility.php:24
action · template_redirect · includes\backwards-compatibility.php:25
action · edd_graph_load_scripts · includes\backwards-compatibility.php:26
filter · groundhogg/mappable_fields · includes\better-meta-compat.php:305
filter · groundhogg/handle_ajax_meta_picker · includes\better-meta-compat.php:337
action · groundhogg/generate_contact_with_map/default · includes\better-meta-compat.php:368
action · groundhogg/update_contact_with_map/default · includes\better-meta-compat.php:369
filter · groundhogg/export_header_name · includes\better-meta-compat.php:393
action · groundhogg/replacements/init · includes\better-meta-compat.php:474
action · groundhogg/admin/contacts/register_table_columns · includes\better-meta-compat.php:504
action · pre_get_posts · includes\block-registry.php:275
action · pre_get_posts · includes\block-registry.php:421
action · pre_get_posts · includes\block-registry.php:452
action · groundhogg/cleanup · includes\bounce-checker.php:51
action · init · includes\bounce-checker.php:54
action · init · includes\bulk-jobs\manager.php:21
action · groundhogg/queue/processed_events · includes\classes\broadcast.php:830
action · groundhogg/email_logger/before_create_log · includes\classes\email-log-item.php:49
action · phpmailer_init · includes\classes\email-log-item.php:52
action · phpmailer_init · includes\classes\email.php:1280
action · phpmailer_init · includes\classes\email.php:1281
action · wp_mail_failed · includes\classes\email.php:1282
filter · wp_mail_content_type · includes\classes\email.php:1283
filter · wp_mail_from_name · includes\classes\email.php:1286
filter · wp_mail_from · includes\classes\email.php:1287
action · init · includes\cleanup-actions.php:14
action · groundhogg/cleanup · includes\cleanup-actions.php:16
action · groundhogg/cleanup · includes\cleanup-actions.php:17
action · groundhogg/cleanup · includes\cleanup-actions.php:18
action · groundhogg/cleanup · includes\cleanup-actions.php:19
action · groundhogg/cleanup · includes\cleanup-actions.php:20
action · groundhogg/cleanup · includes\cleanup-actions.php:21
action · groundhogg/cleanup · includes\cleanup-actions.php:22
action · groundhogg/event/run/after · includes\cli\queue.php:50
action · init · includes\daily-actions.php:13
action · groundhogg/daily · includes\daily-actions.php:16
action · groundhogg/daily · includes\daily-actions.php:17
filter · heartbeat_received · includes\edit-lock.php:155
action · groundhogg/set_lock · includes\edit-lock.php:214
action · phpmailer_init · includes\email-logger.php:33
action · wp_mail_failed · includes\email-logger.php:35
action · retrieve_password · includes\email-logger.php:38
action · init · includes\email-services.php:40
action · admin_notices · includes\email-services.php:41
action · admin_notices · includes\email-services.php:66
action · wp_mail_failed · includes\email-services.php:352
action · admin_init · includes\extension-upgrader.php:118
action · groundhogg/init/v2 · includes\extension.php:72
action · admin_notices · includes\extension.php:237
action · groundhogg/admin/funnels/editor_scripts · includes\extension.php:247
action · groundhogg_enqueue_step_type_assets · includes\extension.php:248
action · groundhogg_enqueue_filter_assets · includes\extension.php:249
action · groundhogg/scripts/after_register_admin_scripts · includes\extension.php:250
action · groundhogg/scripts/after_register_admin_styles · includes\extension.php:251
action · groundhogg/scripts/after_register_frontend_scripts · includes\extension.php:252
action · groundhogg/scripts/after_register_frontend_styles · includes\extension.php:256
action · groundhogg/db/manager/init · includes\extension.php:258
action · groundhogg/api/v3/pre_init · includes\extension.php:259
action · groundhogg/api/v4/pre_init · includes\extension.php:260
action · groundhogg/bulk_jobs/init · includes\extension.php:261
action · groundhogg/admin/init · includes\extension.php:262
action · groundhogg/steps/init · includes\extension.php:263
action · groundhogg/dashboard/widgets/init · includes\extension.php:264
action · groundhogg/replacements/init · includes\extension.php:265
action · groundhogg/admin/contacts/register_info_cards · includes\extension.php:266
action · groundhogg/admin/contacts/register_table_columns · includes\extension.php:267
filter · groundhogg/admin/emails/blocks/init · includes\extension.php:268
filter · groundhogg/reporting/reports · includes\extension.php:270
filter · groundhogg/admin/settings/settings · includes\extension.php:271
filter · groundhogg/admin/settings/tabs · includes\extension.php:272
filter · groundhogg/admin/settings/sections · includes\extension.php:273
filter · groundhogg/templates/emails · includes\extension.php:275
filter · groundhogg/templates/funnels · includes\extension.php:276
filter · pre_get_ready_cron_jobs · includes\filters.php:57
filter · render_block · includes\filters.php:79
filter · render_block · includes\filters.php:141
filter · groundhogg/steps/enqueue · includes\filters.php:179
filter · groundhogg/api/v4/options_sanitize_callback · includes\filters.php:212
filter · groundhogg/meta/step/update/filter_value · includes\filters.php:235
filter · retrieve_password_message · includes\filters.php:251
filter · wp_mail_from · includes\filters.php:291
filter · wp_mail_from_name · includes\filters.php:292
filter · groundhogg/email/the_content · includes\filters.php:305
filter · groundhogg/email/the_content · includes\filters.php:318
filter · groundhogg/email/the_content · includes\filters.php:331
filter · groundhogg/email_template/content · includes\filters.php:357
filter · admin_footer_text · includes\filters.php:438
filter · groundhogg/admin/emails/sanitize_email_content · includes\filters.php:440
filter · groundhogg/admin/emails/sanitize_email_content · includes\filters.php:441
filter · groundhogg/admin/emails/sanitize_email_content · includes\filters.php:442
filter · wp_kses_allowed_html · includes\filters.php:556
filter · safe_style_css · includes\filters.php:557
filter · safe_style_css · includes\filters.php:602
filter · tiny_mce_before_init · includes\filters.php:703
filter · user_contactmethods · includes\filters.php:720
filter · user_phone_label · includes\filters.php:736
filter · heartbeat_received · includes\filters.php:784
filter · groundhogg/form/shortcode · includes\form\fields\input.php:18
action · init · includes\form\submission-handler.php:83
action · wp_mail_failed · includes\functions.php:1474
action · user_register · includes\functions.php:1638
action · groundhogg/after_form_submit · includes\functions.php:1846
action · groundhogg/after_form_submit · includes\functions.php:1849
action · groundhogg/after_form_submit · includes\functions.php:1863
action · groundhogg/after_form_submit · includes\functions.php:1876
action · groundhogg/after_form_submit · includes\functions.php:1908
action · groundhogg/after_form_submit · includes\functions.php:1921
action · wp_head · includes\functions.php:3512
action · groundhogg/generate_contact_with_map/after · includes\functions.php:4244
action · groundhogg/admin/contact/save · includes\functions.php:4246
action · groundhogg/api/contact/created · includes\functions.php:4248
action · groundhogg/api/contact/updated · includes\functions.php:4249
action · admin_menu · includes\functions.php:4389
action · admin_print_styles · includes\functions.php:4478
filter · mime_types · includes\functions.php:4484
action · init · includes\functions.php:4533
action · groundhogg/contact/post_update · includes\functions.php:5058
action · wp_loaded · includes\functions.php:5870
action · groundhogg/event_queue/before_process · includes\functions.php:5881
action · init · includes\functions.php:6642
action · admin_init · includes\functions.php:6643
filter · tiny_mce_plugins · includes\functions.php:6659
filter · wp_resource_hints · includes\functions.php:6660
action · delete_user_form · includes\functions.php:7576
action · delete_user · includes\functions.php:7638
action · admin_head · includes\functions.php:7789
action · admin_init · includes\functions.php:8365
action · rest_api_init · includes\functions.php:8366
action · groundhogg/event/run/before · includes\functions.php:9107
action · retrieve_password_key · includes\functions.php:9108
action · init · includes\imap-inbox.php:31
filter · pre_kses · includes\kses.php:111
filter · pre_kses · includes\kses.php:116
action · activated_plugin · includes\license-manager.php:30
action · admin_notices · includes\license-notice.php:13
action · admin_notices · includes\license-notice.php:14
action · admin_footer · includes\modal.php:26
action · admin_enqueue_scripts · includes\modal.php:28
action · after_setup_theme · includes\notices.php:32
action · admin_notices · includes\notices.php:34
action · admin_notices · includes\notices.php:35
action · admin_notices · includes\notices.php:36
action · admin_init · includes\notices.php:38
action · admin_notices · includes\pluggable.php:18
action · admin_enqueue_scripts · includes\plugin-compatibility.php:15
action · admin_enqueue_scripts · includes\plugin-compatibility.php:16
action · mailhawk/bounced · includes\plugin-compatibility.php:19
filter · bp_core_wpsignup_redirect · includes\plugin-compatibility.php:22
filter · bp_enable_private_network_public_content · includes\plugin-compatibility.php:23
filter · bb_enable_private_rest_apis_public_content · includes\plugin-compatibility.php:24
filter · wu_signup_step_handler_create-account · includes\plugin-compatibility.php:27
filter · groundhogg/has_accepted_cookies · includes\plugin-compatibility.php:30
action · dokan_enqueue_admin_dashboard_script · includes\plugin-compatibility.php:33
action · dokan_enqueue_admin_scripts · includes\plugin-compatibility.php:34
action · groundhogg/background_tasks · includes\plugin-compatibility.php:38
action · groundhogg/event_queue/before_process · includes\plugin-compatibility.php:39
action · generate_rewrite_rules · includes\plugin-compatibility.php:42
filter · pll_rewrite_rules · includes\plugin-compatibility.php:43
action · wp_ultimo_registration · includes\plugin-compatibility.php:121
action · in_admin_header · includes\plugin-compatibility.php:272
action · in_admin_header · includes\plugin-compatibility.php:277
action · plugins_loaded · includes\plugin.php:388
action · admin_enqueue_scripts · includes\pointers.php:40
action · admin_footer · includes\pointers.php:41
action · init · includes\preferences.php:22
filter · query_vars · includes\preferences.php:23
filter · template_include · includes\preferences.php:26
filter · cron_schedules · includes\queue\event-queue.php:84
action · init · includes\queue\event-queue.php:88
action · init · includes\queue\event-queue.php:89
action · heartbeat_tick · includes\queue\event-queue.php:91
action · heartbeat_nopriv_tick · includes\queue\event-queue.php:92
action · groundhogg/queue/event_store/claim_events · includes\queue\process-contact-events.php:32
action · groundhogg/event/failed · includes\queue\process-contact-events.php:33
action · init · includes\replacements.php:57
action · admin_footer · includes\replacements.php:60
action · groundhogg/contact/post_update · includes\replacements.php:64
action · groundhogg/api/contact/updated · includes\replacements.php:65
action · new_to_publish · includes\replacements.php:67
action · draft_to_publish · includes\replacements.php:68
action · future_to_publish · includes\replacements.php:69
action · save_post · includes\replacements.php:71
filter · excerpt_more · includes\replacements.php:2096
action · pre_get_posts · includes\replacements.php:2314
filter · excerpt_more · includes\replacements.php:2368
filter · post_thumbnail_html · includes\replacements.php:2394
action · admin_notices · includes\reviews.php:10
action · init · includes\rewrites.php:11
filter · query_vars · includes\rewrites.php:12
filter · request · includes\rewrites.php:13
filter · template_include · includes\rewrites.php:16
action · template_redirect · includes\rewrites.php:19
action · wp_enqueue_scripts · includes\scripts.php:15
action · wp_enqueue_scripts · includes\scripts.php:16
action · admin_enqueue_scripts · includes\scripts.php:18
action · admin_enqueue_scripts · includes\scripts.php:19
action · wp_after_admin_bar_render · includes\scripts.php:21
filter · wp_refresh_nonces · includes\scripts.php:23
action · enqueue_block_editor_assets · includes\scripts.php:25
action · enqueue_block_assets · includes\scripts.php:26
filter · no_texturize_shortcodes · includes\shortcodes.php:28
action · wp_mail_failed · includes\steps\actions\admin-notification.php:366
filter · groundhogg/email/subject · includes\steps\actions\send-email.php:258
filter · groundhogg/email/headers · includes\steps\actions\send-email.php:260
action · admin_footer · includes\steps\benchmarks\form-filled.php:49
action · admin_enqueue_scripts · includes\steps\funnel-step.php:90
action · wp_enqueue_scripts · includes\steps\funnel-step.php:93
action · init · includes\steps\manager.php:51
action · update_option_gh_enable_tag_mapping · includes\tag-mapping.php:48
action · groundhogg/contact/preferences/updated · includes\tag-mapping.php:51
action · groundhogg/db/post_insert/contact · includes\tag-mapping.php:52
action · groundhogg/event/failed · includes\tag-mapping.php:57
action · groundhogg/contact/post_create · includes\tag-mapping.php:60
action · groundhogg/contact/post_create · includes\tag-mapping.php:61
action · add_user_role · includes\tag-mapping.php:64
action · set_user_role · includes\tag-mapping.php:65
action · remove_user_role · includes\tag-mapping.php:66
action · groundhogg/contact/added_gdpr_consent · includes\tag-mapping.php:69
action · groundhogg/contact/added_marketing_consent · includes\tag-mapping.php:70
action · groundhogg/contact/revoked_gdpr_consent · includes\tag-mapping.php:71
action · groundhogg/contact/revoked_marketing_consent · includes\tag-mapping.php:72
action · admin_init · includes\tag-mapping.php:74
filter · groundhogg/contacts/add_tag/before · includes\tag-mapping.php:76
filter · groundhogg/contacts/remove_tag/before · includes\tag-mapping.php:77
action · admin_init · includes\telemetry.php:10
action · groundhogg/telemetry · includes\telemetry.php:11
action · admin_init · includes\tools.php:404
action · wp_login · includes\tracking.php:91
action · after_setup_theme · includes\tracking.php:94
action · init · includes\tracking.php:95
action · init · includes\tracking.php:98
filter · request · includes\tracking.php:101
filter · query_vars · includes\tracking.php:102
action · template_redirect · includes\tracking.php:104
action · template_redirect · includes\tracking.php:105
action · template_redirect · includes\tracking.php:106
action · groundhogg/after_form_submit · includes\tracking.php:108
action · groundhogg/preferences/erase_profile · includes\tracking.php:110
action · user_register · includes\user-syncing.php:9
action · profile_update · includes\user-syncing.php:10
action · set_user_role · includes\user-syncing.php:12
action · add_user_role · includes\user-syncing.php:13
action · remove_user_role · includes\user-syncing.php:14
action · delete_user · includes\user-syncing.php:15
action · added_user_meta · includes\user-syncing.php:18
action · updated_user_meta · includes\user-syncing.php:19
action · deleted_user_meta · includes\user-syncing.php:20
filter · wp_privacy_personal_data_erasers · includes\user-syncing.php:23
action · groundhogg/install_custom_rewrites · includes\utils\abstract-rewrites.php:14
action · init · includes\utils\abstract-rewrites.php:15
filter · query_vars · includes\utils\abstract-rewrites.php:16
filter · request · includes\utils\abstract-rewrites.php:17
filter · template_include · includes\utils\abstract-rewrites.php:20
action · template_redirect · includes\utils\abstract-rewrites.php:21
filter · upload_dir · includes\utils\files.php:340
action · media_buttons · includes\utils\html.php:454
action · admin_init · includes\utils\installer.php:20
action · groundhogg/reset · includes\utils\installer.php:24
action · wp_initialize_site · includes\utils\installer.php:27
filter · wpmu_drop_tables · includes\utils\installer.php:28
action · activated_plugin · includes\utils\installer.php:29
action · groundhogg/admin/tools/install · includes\utils\installer.php:31
action · admin_init · includes\utils\installer.php:32
action · groundhogg/activated · includes\utils\roles.php:27
filter · map_meta_cap · includes\utils\roles.php:28
action · admin_init · includes\utils\updater.php:27
action · admin_notices · includes\utils\updater.php:28
action · init · includes\utils\updater.php:32
action · groundhogg/admin/tools/updates · includes\utils\updater.php:35
filter · groundhogg/admin/tools/updaters · includes\utils\updater.php:36
action · groundhogg/admin/tools/network_updates · includes\utils\updater.php:37
action · admin_init · includes\utils\updater.php:40
action · groundhogg/reset · includes\utils\updater.php:44
filteroption_active_pluginsmu-plugins\safe-mode.php:307
actionadmin_bar_menumu-plugins\safe-mode.php:359
actionwp_headtemplates\archive\campaign.php:12
actionwp_headtemplates\archive\campaigns.php:11
actionwp_headtemplates\archive\events.php:13
filtergroundhogg/is_url_excluded_from_trackingtemplates\email\parts\body-open.php:35
actiongroundhogg/templates/email/head/aftertemplates\emails\email.php:29
filtershow_admin_bartemplates\form\form.php:28
actionwp_enqueue_scriptstemplates\form\form.php:36
actionwp_headtemplates\form\submit.php:31
actionwp_headtemplates\form\submit.php:35
filtergroundhogg/managed_page/footer_linkstemplates\form\submit.php:58
actionwp_print_stylestemplates\managed-page.php:82
actionwp_enqueue_scriptstemplates\managed-page.php:83
filterwp_robotstemplates\managed-page.php:85
filterwp_robotstemplates\managed-page.php:86
actionwp_headtemplates\managed-page.php:88
actiongroundhogg/managed_page_noticestemplates\notices.php:40
actionphpmailer_inittemplates\preferences.php:241
actionphpmailer_inittemplates\preferences.php:301

Scheduled Events 3

groundhogg/cleanup
groundhogg/daily
groundhogg/telemetry
Maintenance & Trust

Groundhogg — CRM, Newsletters, and Marketing Automation Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 9, 2026
PHP min version: 7.1
Downloads: 310K

Community Trust

Rating: 98/100
Number of ratings: 145
Active installs: 2K
Developer Profile

Groundhogg — CRM, Newsletters, and Marketing Automation Developer Profile

Adrian Tobey

7 plugins · 6K total installs

Trust score: 73
Avg Security Score: 91/100
Avg Patch Time: 275 days
Detection Fingerprints

How We Detect Groundhogg — CRM, Newsletters, and Marketing Automation

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/groundhogg/assets/css/admin-bar.css
/wp-content/plugins/groundhogg/assets/css/admin.css
/wp-content/plugins/groundhogg/assets/css/backend.css
/wp-content/plugins/groundhogg/assets/css/blocks.css
/wp-content/plugins/groundhogg/assets/css/frontend.css
/wp-content/plugins/groundhogg/assets/css/login.css
/wp-content/plugins/groundhogg/assets/css/notifications.css
/wp-content/plugins/groundhogg/assets/css/quick-edit.css
+19 more
Script Paths
/wp-content/plugins/groundhogg/assets/js/admin-bar.js
/wp-content/plugins/groundhogg/assets/js/admin.js
/wp-content/plugins/groundhogg/assets/js/backend.js
/wp-content/plugins/groundhogg/assets/js/blocks.js
/wp-content/plugins/groundhogg/assets/js/frontend.js
/wp-content/plugins/groundhogg/assets/js/login.js
+5 more
Version Parameters
/wp-content/plugins/groundhogg/assets/css/admin-bar.css?ver=
/wp-content/plugins/groundhogg/assets/css/admin.css?ver=
/wp-content/plugins/groundhogg/assets/css/backend.css?ver=
/wp-content/plugins/groundhogg/assets/css/blocks.css?ver=
/wp-content/plugins/groundhogg/assets/css/frontend.css?ver=
/wp-content/plugins/groundhogg/assets/css/login.css?ver=
/wp-content/plugins/groundhogg/assets/css/notifications.css?ver=
/wp-content/plugins/groundhogg/assets/css/quick-edit.css?ver=
/wp-content/plugins/groundhogg/assets/css/settings.css?ver=
/wp-content/plugins/groundhogg/assets/css/tags.css?ver=
/wp-content/plugins/groundhogg/assets/css/theme.css?ver=
/wp-content/plugins/groundhogg/assets/js/admin-bar.js?ver=
/wp-content/plugins/groundhogg/assets/js/admin.js?ver=
/wp-content/plugins/groundhogg/assets/js/backend.js?ver=
/wp-content/plugins/groundhogg/assets/js/blocks.js?ver=
/wp-content/plugins/groundhogg/assets/js/frontend.js?ver=
/wp-content/plugins/groundhogg/assets/js/login.js?ver=
/wp-content/plugins/groundhogg/assets/js/notifications.js?ver=
/wp-content/plugins/groundhogg/assets/js/quick-edit.js?ver=
/wp-content/plugins/groundhogg/assets/js/settings.js?ver=
/wp-content/plugins/groundhogg/assets/js/tags.js?ver=
/wp-content/plugins/groundhogg/assets/js/theme.js?ver=

HTML / DOM Fingerprints

CSS Classes
groundhogg-admin
groundhogg-backend
groundhogg-blocks
groundhogg-frontend
groundhogg-login
groundhogg-notifications
groundhogg-settings
groundhogg-tags
+1 more
HTML Comments
<!-- Groundhogg -->
<!-- Groundhogg - Safe Mode -->
Data Attributes
data-groundhogg
data-gh-id
data-gh-type
JS Globals
Groundhogg
GH_Safe_Mode_AJAX_URL
groundhogg_admin_bar_args
groundhogg_blocks_args
groundhogg_frontend_args
groundhogg_login_args
+5 more
FAQ

Frequently Asked Questions about Groundhogg — CRM, Newsletters, and Marketing Automation