URL Redirection Vulnerability in WP Gravity Forms Dynamics CRM by CRM Perks
CVE-2025-47454

4.7MEDIUM

Key Information:

Vendor: WordPress
Status: WP Gravity Forms Dynamics Crm
Vendor: CVE Published:; 7 May 2025

Summary

A vulnerability has been identified in WP Gravity Forms Dynamics CRM that allows URL redirection to untrusted sites, commonly referred to as an Open Redirect. This could be exploited by attackers to launch phishing schemes, potentially compromising sensitive user information. The affected versions range from an unknown release to 1.1.4, emphasizing the importance for users to update to the latest version to mitigate risks.

Affected Version(s)

WP Gravity Forms Dynamics CRM <= 1.1.4

References

https://patchstack.com/database/wordpress/plugin/gf-dynam...

vdb-entry

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
May 7, 2025
Vulnerability Reserved
May 7, 2025

Credit

Nguyen Xuan Chien (Patchstack Alliance)