CVE-2025-8606 - CERT CVE

  1. CVE-2025-8606

ID CVE-2025-8606
Sažetak The GSheetConnector For Gravity Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions less than, or equal to, 1.3.23. This is due to missing or incorrect nonce validation on the activate_plugin and deactivate_plugin functions. This makes it possible for attackers to trick authenticated administrators into activating or deactivating specified plugins via a forged request, such as clicking on a malicious link or visiting a compromised page.
Reference
CVSS
Base: 2.4
Impact: 1.4
Exploitability:0.9
Pristup
VektorSloženostAutentikacija
NETWORK LOW HIGH
Impact
PovjerljivostCjelovitostDostupnost
NONE LOW NONE
CVSS vektor CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
Zadnje važnije ažuriranje 11-10-2025 - 10:15
Objavljeno 11-10-2025 - 10:15