WordPress Plugin Vulnerabilities

Connector for Gravity Forms and Google Sheets < 1.2.5 - Open Redirect

Description

The Connector for Gravity Forms and Google Sheets plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.2.4. This is due to insufficient validation on the redirect url supplied via a parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.

Affects Plugins

Plugin icon
wp-gravity-forms-spreadsheets
Fixed in 1.2.5

References

CVE
CVE-2025-54681
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/0a617faf-cc1f-453b-b5aa-e357613adee4

Classification

Type
REDIRECT
OWASP top 10
A1: Injection
CWE
CWE-601
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
Nguyen Xuan Chien
Verified
No
WPVDB ID
5879f09f-1e61-44fe-b109-4d7a40560c6c

Timeline

Publicly Published
2025-07-30 (about 8 months ago)
Added
2025-08-04 (about 8 months ago)
Last Updated
2025-08-04 (about 8 months ago)

Other

Published
Title
Published
2024-04-29
Title
ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup < 4.0.31 - Open Redirect
Published
2014-05-07
Title
Prostore < 1.1.3 - Open Redirection
Published
2021-06-01
Title
MC4WP: Mailchimp for WordPress < 4.8.5 - Authenticated Arbitrary Redirect
Published
2025-03-27
Title
AliNext < 3.5.4 - Open Redirect
Published
2017-07-13
Title
Download Manager <= 2.9.50 - Open Redirect