{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-8593", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-08-05T13:23:02.333Z", "datePublished": "2025-10-11T09:28:40.438Z", "dateUpdated": "2026-04-08T17:21:20.745Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:21:20.745Z"}, "affected": [{"vendor": "westerndeal", "product": "GSheetConnector for Gravity Forms \u2013 Send Gravity Forms Entries to Google Sheets in Real-Time", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.3.27", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The GSheetConnector For Gravity Forms plugin for WordPress is vulnerable to authorization bypass in versions less than, or equal to, 1.3.27. This is due to a missing capability check on the 'install_plugin' function. This makes it possible for authenticated attackers, with subscriber-level access and above to install plugins on the target site and potentially achieve arbitrary code execution on the server under certain conditions."}], "title": "GSheetConnector For Gravity Forms <= 1.3.27 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c7266ce6-2853-4c5d-9e36-8c5b7418b072?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/gsheetconnector-gravity-forms/tags/1.3.23/includes/class-gravityform-gs-service.php#L128"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3354113%40gsheetconnector-gravity-forms&new=3354113%40gsheetconnector-gravity-forms&sfp_email=&sfph_mail="}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "wesley"}], "timeline": [{"time": "2025-07-25T00:00:00.000Z", "lang": "en", "value": "Discovered"}, {"time": "2025-08-21T13:47:38.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2025-10-10T20:59:26.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-14T18:43:21.761132Z", "id": "CVE-2025-8593", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-14T18:45:15.691Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-8593", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-10-14T18:43:21.761132Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-14T18:43:22.599Z"}}], "cna": {"title": "GSheetConnector For Gravity Forms <= 1.3.27 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation", "credits": [{"lang": "en", "type": "finder", "value": "wesley"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "westerndeal", "product": "GSheetConnector for Gravity Forms \u2013 Send Gravity Forms Entries to Google Sheets in Real-Time", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.3.27"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-07-25T00:00:00.000Z", "value": "Discovered"}, {"lang": "en", "time": "2025-08-21T13:47:38.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2025-10-10T20:59:26.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c7266ce6-2853-4c5d-9e36-8c5b7418b072?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/gsheetconnector-gravity-forms/tags/1.3.23/includes/class-gravityform-gs-service.php#L128"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3354113%40gsheetconnector-gravity-forms&new=3354113%40gsheetconnector-gravity-forms&sfp_email=&sfph_mail="}], "descriptions": [{"lang": "en", "value": "The GSheetConnector For Gravity Forms plugin for WordPress is vulnerable to authorization bypass in versions less than, or equal to, 1.3.27. This is due to a missing capability check on the 'install_plugin' function. This makes it possible for authenticated attackers, with subscriber-level access and above to install plugins on the target site and potentially achieve arbitrary code execution on the server under certain conditions."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:21:20.745Z"}}}, "cveMetadata": {"cveId": "CVE-2025-8593", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:21:20.745Z", "dateReserved": "2025-08-05T13:23:02.333Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-10-11T09:28:40.438Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The GSheetConnector For Gravity Forms plugin for WordPress is vulnerable to authorization bypass in versions less than, or equal to, 1.3.27. This is due to a missing capability check on the 'install_plugin' function. This makes it possible for authenticated attackers, with subscriber-level access and above to install plugins on the target site and potentially achieve arbitrary code execution on the server under certain conditions."}], "id": "CVE-2025-8593", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-10-11T10:15:44.140", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/gsheetconnector-gravity-forms/tags/1.3.23/includes/class-gravityform-gs-service.php#L128"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3354113%40gsheetconnector-gravity-forms&new=3354113%40gsheetconnector-gravity-forms&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c7266ce6-2853-4c5d-9e36-8c5b7418b072?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T19:16:10.334844+00:00", "value": {"mitigation_remediation": ["Update the GSheetConnector for Gravity Forms plugin to version 1.3.28 or later.", "If an immediate update is not feasible, revoke the install_plugin capability from the Subscriber role using a role editor plugin or WordPress security tool.", "Configure auditing or logging to detect any new plugin installations and review plugin activity regularly."], "summary": {"action": "Immediate Patch", "impact": "Privilege Escalation via Plugin Installation"}, "threat_synthesis": {"affected_systems": "WordPress sites running the GSheetConnector for Gravity Forms plugin from Western Deal with a version of 1.3.27 or earlier are impacted. Newer releases (1.3.28 and later) contain the fix.", "description_and_impact": "The vulnerability arises from a missing capability check in the plugin\u2019s install_plugin function, which allows attackers who possess any WordPress role of Subscriber or higher to install and activate arbitrary plugins on the site. This bypass can lead to arbitrary code execution or other compromise when a malicious plugin is installed. The weakness is formally classified as CWE\u2011862.", "risk_and_exploitability": "The CVSS score of 8.8 indicates a high severity vulnerability. The EPSS score of less than 1\u202f% suggests that, while the flaw is powerful, exploitation is still considered unlikely at present. The vulnerability is not listed in the CISA KEV catalog. Attackers would need legitimate login credentials with Subscriber level or higher; the exploit requires only the ability to trigger the install_plugin routine, after which a malicious plugin can be added and executed on the server."}}}}, "created": "2025-10-21T13:12:28.332324+00:00", "updated": "2026-04-20T19:30:06.156216+00:00", "vendors": ["westerndeal", "westerndeal$PRODUCT$gsheetconnector_for_gravity_forms", "wordpress", "wordpress$PRODUCT$wordpress"]}