Cross-Site Request Forgery in CRM Perks WP Zendesk for Multiple Form Plugins
CVE-2025-32269
4.3MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 4 April 2025
What is CVE-2025-32269?
A Cross-Site Request Forgery (CSRF) vulnerability exists in the CRM Perks WP Zendesk plugin that affects multiple popular form plugins including Contact Form 7, WPForms, Elementor, Formidable, and Ninja Forms. This vulnerability could allow an attacker to perform unauthorized actions on behalf of the user without their consent, potentially leading to unauthorized changes to settings or data leakage. Affected versions range from earlier releases to version 1.1.3, necessitating immediate attention for users to mitigate potential security risks.
Affected Version(s)
WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.3