Description
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks WP Gravity Forms Salesforce gf-salesforce-crmperks allows Phishing.This issue affects WP Gravity Forms Salesforce: from n/a through <= 1.4.7.
Published: 2025-06-06
Score: 4.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the CRM Perks WP Gravity Forms Salesforce plugin allows attackers to craft URLs that redirect users to arbitrary, untrusted sites. This open redirect can be exploited to deliver phishing or malware payloads by convincing users that they are being directed to legitimate sites. The weakness is an improper validation of redirect destinations, consistent with CWE‑601, and results in a moderate security impact.

Affected Systems

The vulnerability affects the WP Gravity Forms Salesforce plugin, released by CRM Perks. Versions from the earliest released build up to and including 1.4.7 are affected. Any WordPress site that has the plugin installed within this version range is at risk.

Risk and Exploitability

The CVSS score of 4.7 indicates a moderate severity, and the EPSS score of < 1% suggests a low likelihood of exploitation in the wild. The issue is not listed in CISA KEV, implying no confirmed widespread exploitation. Attackers would need to embed a malicious link that exploits the redirect logic, likely as part of a phishing campaign. The vulnerability is exploitable via user interaction with the redirected link; no local privilege escalation or remote code execution is possible.

Generated by OpenCVE AI on April 30, 2026 at 18:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade WP Gravity Forms Salesforce to version 1.4.8 or later where the open‑redirection flaw is fixed.
  • If an upgrade is not immediately possible, configure the plugin to use a strict whitelist of approved redirect domains, or disable external redirects entirely.
  • Apply site‑wide .htaccess or web‑application firewall rules to block requests that contain suspicious query parameters used to trigger redirects.
  • Regularly review outgoing links generated by the plugin to ensure no unauthorized external destinations are being served.

Generated by OpenCVE AI on April 30, 2026 at 18:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-17219 URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks WP Gravity Forms Salesforce allows Phishing. This issue affects WP Gravity Forms Salesforce: from n/a through 1.4.7.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 4.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks WP Gravity Forms Salesforce allows Phishing. This issue affects WP Gravity Forms Salesforce: from n/a through 1.4.7. URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks WP Gravity Forms Salesforce gf-salesforce-crmperks allows Phishing.This issue affects WP Gravity Forms Salesforce: from n/a through <= 1.4.7.
Title WordPress WP Gravity Forms Salesforce <= 1.4.7 - Open Redirection Vulnerability WordPress WP Gravity Forms Salesforce plugin <= 1.4.7 - Open Redirection Vulnerability
References
Metrics cvssV3_1

{'score': 4.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N'}

Fri, 06 Jun 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 06 Jun 2025 13:15:00 +0000

Type Values Removed Values Added
Description URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks WP Gravity Forms Salesforce allows Phishing. This issue affects WP Gravity Forms Salesforce: from n/a through 1.4.7.
Title WordPress WP Gravity Forms Salesforce <= 1.4.7 - Open Redirection Vulnerability
Weaknesses CWE-601
References
Metrics cvssV3_1

{'score': 4.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:01.860Z

Reserved: 2025-03-26T09:22:20.465Z

Link: CVE-2025-30953

cve-icon Vulnrichment

Updated: 2025-06-06T15:09:50.933Z

cve-icon NVD

Status : Deferred

Published: 2025-06-06T13:15:36.260

Modified: 2026-04-23T15:27:23.613

Link: CVE-2025-30953

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-30T18:30:16Z

Weaknesses