{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-8606", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-08-05T18:46:18.517Z", "datePublished": "2025-10-11T09:28:41.262Z", "dateUpdated": "2026-04-08T17:26:12.391Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:26:12.391Z"}, "affected": [{"vendor": "westerndeal", "product": "GSheetConnector for Gravity Forms \u2013 Send Gravity Forms Entries to Google Sheets in Real-Time", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.3.23", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The GSheetConnector For Gravity Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions less than, or equal to, 1.3.23. This is due to missing or incorrect nonce validation on the activate_plugin and deactivate_plugin functions. This makes it possible for attackers to trick authenticated administrators into activating or deactivating specified plugins via a forged request, such as clicking on a malicious link or visiting a compromised page."}], "title": "GSheetConnector For Gravity Forms <= 1.3.23 - Cross-Site Request Forgery to Arbitrary Plugin Activation/Deactivation", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d5c48de7-20f6-408e-b4fb-f3d5d7ab272f?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/gsheetconnector-gravity-forms/tags/1.3.23/includes/class-gravityform-gs-service.php#L154"}, {"url": "https://plugins.trac.wordpress.org/browser/gsheetconnector-gravity-forms/tags/1.3.23/includes/class-gravityform-gs-service.php#L39"}, {"url": "https://plugins.trac.wordpress.org/changeset/3339653"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "cweId": "CWE-352", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", "baseScore": 2.4, "baseSeverity": "LOW"}}], "credits": [{"lang": "en", "type": "finder", "value": "wesley"}], "timeline": [{"time": "2025-07-25T00:00:00.000Z", "lang": "en", "value": "Discovered"}, {"time": "2025-08-21T13:47:38.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2025-10-10T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-14T18:31:56.369056Z", "id": "CVE-2025-8606", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-14T18:45:03.472Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-8606", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-14T18:31:56.369056Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-14T18:31:57.168Z"}}], "cna": {"title": "GSheetConnector For Gravity Forms <= 1.3.23 - Cross-Site Request Forgery to Arbitrary Plugin Activation/Deactivation", "credits": [{"lang": "en", "type": "finder", "value": "wesley"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 2.4, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "westerndeal", "product": "GSheetConnector for Gravity Forms \u2013 Send Gravity Forms Entries to Google Sheets in Real-Time", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.3.23"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-07-25T00:00:00.000Z", "value": "Discovered"}, {"lang": "en", "time": "2025-08-21T13:47:38.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2025-10-10T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d5c48de7-20f6-408e-b4fb-f3d5d7ab272f?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/gsheetconnector-gravity-forms/tags/1.3.23/includes/class-gravityform-gs-service.php#L154"}, {"url": "https://plugins.trac.wordpress.org/browser/gsheetconnector-gravity-forms/tags/1.3.23/includes/class-gravityform-gs-service.php#L39"}, {"url": "https://plugins.trac.wordpress.org/changeset/3339653"}], "descriptions": [{"lang": "en", "value": "The GSheetConnector For Gravity Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions less than, or equal to, 1.3.23. This is due to missing or incorrect nonce validation on the activate_plugin and deactivate_plugin functions. This makes it possible for attackers to trick authenticated administrators into activating or deactivating specified plugins via a forged request, such as clicking on a malicious link or visiting a compromised page."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:26:12.391Z"}}}, "cveMetadata": {"cveId": "CVE-2025-8606", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:26:12.391Z", "dateReserved": "2025-08-05T18:46:18.517Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-10-11T09:28:41.262Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The GSheetConnector For Gravity Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions less than, or equal to, 1.3.23. This is due to missing or incorrect nonce validation on the activate_plugin and deactivate_plugin functions. This makes it possible for attackers to trick authenticated administrators into activating or deactivating specified plugins via a forged request, such as clicking on a malicious link or visiting a compromised page."}], "id": "CVE-2025-8606", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.4, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-10-11T10:15:44.297", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/gsheetconnector-gravity-forms/tags/1.3.23/includes/class-gravityform-gs-service.php#L154"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/gsheetconnector-gravity-forms/tags/1.3.23/includes/class-gravityform-gs-service.php#L39"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3339653"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d5c48de7-20f6-408e-b4fb-f3d5d7ab272f?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T19:15:52.195751+00:00", "value": {"mitigation_remediation": ["Upgrade GSheetConnector to a version newer than 1.3.23.", "Disable or delete the GSheetConnector plugin until a secure version is available.", "Implement multi\u2011factor authentication for administrator accounts to reduce the chances that forged requests succeed."], "summary": {"action": "Patch Now", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "Westendeal\u2019s GSheetConnector for Gravity Forms \u2013 Send Gravity Forms Entries to Google Sheets in Real\u2011Time is affected for all releases up to and including version 1.3.23. The plugin is a WordPress add\u2011on that integrates Gravity Forms with Google Sheets.", "description_and_impact": "The GSheetConnector for Gravity Forms plugin is vulnerable to Cross\u2011Site Request Forgery because activate_plugin and deactivate_plugin functions do not correctly validate the nonce. An attacker can craft a malicious link or embed a forged request on a compromised page that, when clicked by an authenticated administrator, triggers the activation or deactivation of any plugin. This allows the attacker to enable a malicious plugin or disable a security plugin, effectively elevating privileges and potentially executing arbitrary code on the WordPress site.", "risk_and_exploitability": "The CVSS score of 2.4 indicates low overall severity, and the EPSS score of <1% shows a very low likelihood of exploitation at the time of this analysis. The vulnerability is not listed in the CISA KEV catalog. Attackers would need to lure an authenticated administrator to an attacker\u2011controlled URL in order to win a CSRF attack; it is not remotely exploitable by unauthenticated actors. While the risk is low, the potential for privilege escalation makes it a concern for sites with sensitive data."}}}}, "created": "2025-10-21T13:12:31.366755+00:00", "updated": "2026-04-20T19:30:06.155319+00:00", "vendors": ["westerndeal", "westerndeal$PRODUCT$gsheetconnector_for_gravity_forms", "wordpress", "wordpress$PRODUCT$wordpress"]}