Description
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks WP Gravity Forms Keap/Infusionsoft gf-infusionsoft allows Phishing. This issue affects WP Gravity Forms Keap/Infusionsoft: from n/a through <= 1.2.6.
Published: 2025-09-22
Score: 4.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A vulnerability in the CRM Perks WP Gravity Forms Keap/Infusionsoft plugin allows a user to be redirected to an untrusted site. The flaw is classified as CWE-601 (URL Redirection to Untrusted Site), a web application weakness that undermines user trust and can lead to credential theft through phishing. The CVSS score of 4.7 indicates moderate severity, largely because the impact is misleading users rather than direct code execution.

Affected Systems

The defect affects all releases of the CRM Perks WP Gravity Forms Keap/Infusionsoft plugin (gf-infusionsoft) up to and including version 1.2.6, on any WordPress installation where the plugin is active.

Risk and Exploitability

With a CVSS of 4.7 and an EPSS of less than 1%, the likelihood of exploitation is low, and the vulnerability is not listed in CISA's KEV catalog. The likely attack vector is a crafted link that triggers the plugin's redirect routine with an attacker-chosen destination, sending unsuspecting users to malicious or phishing sites. Exploitation requires the target to click the crafted link, and the impact is confined to the victim's browser session and potential credential compromise.

Generated by OpenCVE AI on April 30, 2026 at 06:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the WP Gravity Forms Keap/Infusionsoft plugin to the latest released version available from the vendor; if the current version is 1.2.6 or earlier, apply an upgrade as soon as a newer version is released.
  • Restrict external redirects by configuring the plugin or using a web application firewall rule that allows redirects only to a whitelist of trusted domains.
  • Implement or enforce redirect validation in the application code, so that every redirect target is checked against an allowlist of trusted hosts (or restricted to same-site relative paths) before it is used for navigation.

Generated by OpenCVE AI on April 30, 2026 at 06:36 UTC.
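The third recommended action, redirect validation in application code, as an added example; this is not part of the OpenCVE record and not the plugin's own code. It assumes a hypothetical allowlist of trusted hosts and uses constructed sample inputs. A WordPress plugin would normally call core's wp_validate_redirect() or wp_safe_redirect(), which perform the same kind of host check; the stand-alone version below shows what such a check has to cover.

```php
<?php
declare(strict_types=1);

// Added example, not code from the OpenCVE record or from the gf-infusionsoft plugin.
// Allowlist-based redirect validation: a target is accepted only if it is a
// site-relative path ("/thanks") or an absolute http(s) URL whose host is
// exactly one of the trusted hosts. Everything else falls back to a safe default.

/**
 * Return true only if $target may be placed in a Location: header.
 *
 * @param string   $target        Redirect target exactly as received (e.g. a query parameter).
 * @param string[] $allowedHosts  Lowercase hostnames that redirects may leave the site for.
 */
function is_safe_redirect_target(string $target, array $allowedHosts): bool
{
    // Control characters, whitespace and backslashes never belong in a redirect
    // target: browsers read "/\host" the way they read "//host", and CR/LF would
    // allow header injection if the value were echoed into a header.
    if ($target === '' || preg_match('/[\x00-\x20\x7f\\\\]/', $target) === 1) {
        return false;
    }

    $parts = parse_url($target);
    if ($parts === false) {
        return false;
    }

    if (!isset($parts['host'])) {
        // No authority component: reject "javascript:...", "data:..." and the
        // like, then accept only a path that starts with a single "/".
        if (isset($parts['scheme'])) {
            return false;
        }
        $path = $parts['path'] ?? '';
        return $path !== '' && $path[0] === '/' && ($path[1] ?? '') !== '/';
    }

    // Absolute URL (or protocol-relative "//host"): require http(s), forbid
    // userinfo ("https://trusted@evil"), and match the host exactly so that
    // "trusted.example.evil" is not mistaken for "trusted.example".
    $scheme = strtolower($parts['scheme'] ?? '');
    if ($scheme !== 'http' && $scheme !== 'https') {
        return false;
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return false;
    }
    return in_array(strtolower($parts['host']), $allowedHosts, true);
}

/** Pick the URL to redirect to: the validated target, or $fallback. */
function choose_redirect_target(string $target, string $fallback, array $allowedHosts): string
{
    return is_safe_redirect_target($target, $allowedHosts) ? $target : $fallback;
}

// Constructed demo: hypothetical trusted hosts and a mix of benign and hostile inputs.
$allowedHosts = ['example.com', 'app.example.com'];
$samples = [
    '/my-account/?step=2',                  // site-relative path: accepted
    'https://app.example.com/thanks',       // trusted host: accepted
    'HTTPS://EXAMPLE.COM/done',             // case differences only: accepted
    '//evil.example/login',                 // protocol-relative: rejected
    'https://example.com.evil.example/',    // lookalike suffix: rejected
    'https://example.com@evil.example/',    // userinfo trick: rejected
    'javascript:alert(1)',                  // non-http scheme: rejected
    '/\\evil.example',                      // backslash trick: rejected
    "/ok\r\nSet-Cookie: x=1",               // header injection attempt: rejected
];
foreach ($samples as $sample) {
    printf("%-40s -> %s\n", addcslashes($sample, "\r\n"), choose_redirect_target($sample, '/', $allowedHosts));
}
```

The check deliberately matches hosts exactly rather than by suffix, and it never tries to "clean up" a bad value; anything that does not pass is replaced by the fallback, which is the behaviour a WAF allowlist rule (the second recommended action) should mirror.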


Advisories
Source: EUVD
ID: EUVD-2025-30610
Title: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks WP Gravity Forms Keap/Infusionsoft allows Phishing. This issue affects WP Gravity Forms Keap/Infusionsoft: from n/a through 1.2.4.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type: Metrics cvssV3_1
Value: {'score': 4.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N'}


Wed, 01 Apr 2026 23:45:00 +0000

Type: Description
Values Removed: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks WP Gravity Forms Keap/Infusionsoft allows Phishing. This issue affects WP Gravity Forms Keap/Infusionsoft: from n/a through 1.2.4.
Values Added: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks WP Gravity Forms Keap/Infusionsoft gf-infusionsoft allows Phishing. This issue affects WP Gravity Forms Keap/Infusionsoft: from n/a through <= 1.2.6.

Type: Title
Values Removed: WordPress WP Gravity Forms Keap/Infusionsoft Plugin <= 1.2.4 - Open Redirection Vulnerability
Values Added: WordPress WP Gravity Forms Keap/Infusionsoft plugin <= 1.2.6 - Open Redirection vulnerability

Type: References

Type: Metrics cvssV3_1
Value: {'score': 4.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N'}


Thu, 25 Sep 2025 14:15:00 +0000

Type: Metrics ssvc
Values Added: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 23 Sep 2025 16:15:00 +0000

Type: First Time appeared
Values Added: Crm Perks; Crm Perks wp Gravity Forms Keap/infusionsoft; Wordpress; Wordpress wordpress

Type: Vendors & Products
Values Added: Crm Perks; Crm Perks wp Gravity Forms Keap/infusionsoft; Wordpress; Wordpress wordpress

Mon, 22 Sep 2025 18:30:00 +0000

Type: Description
Values Added: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks WP Gravity Forms Keap/Infusionsoft allows Phishing. This issue affects WP Gravity Forms Keap/Infusionsoft: from n/a through 1.2.4.

Type: Title
Values Added: WordPress WP Gravity Forms Keap/Infusionsoft Plugin <= 1.2.4 - Open Redirection Vulnerability

Type: Weaknesses
Values Added: CWE-601

Type: References

Type: Metrics cvssV3_1
Values Added: {'score': 4.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:13:40.516Z

Reserved: 2025-08-22T11:37:41.965Z

Link: CVE-2025-58006

Vulnrichment

Updated: 2025-09-25T13:54:35.937Z

NVD

Status: Deferred

Published: 2025-09-22T19:16:01.990

Modified: 2026-04-23T15:33:13.353

Link: CVE-2025-58006

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T06:45:16Z

Weaknesses