Deserialization Vulnerability in CRM Perks WP Gravity Forms HubSpot
CVE-2025-60178
9.8CRITICAL
What is CVE-2025-60178?
A deserialization of untrusted data vulnerability exists in the CRM Perks WP Gravity Forms HubSpot plugin, allowing for potential object injection attacks. This issue affects versions of the plugin up to and including 1.2.6. Attackers could exploit this vulnerability to manipulate object structures and execute unauthorized actions, putting the security of affected systems at risk. It is crucial for users to update to a secure version promptly.
Affected Version(s)
WP Gravity Forms HubSpot <= n/a
References
CVSS V3.1
Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Phat RiO - BlueRock | Patchstack Bug Bounty Program