Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2025-10-14
CVE-2025-8593 - Gsheetconnector For Gravity Forms Plugin
The GSheetConnector For Gravity Forms plugin for WordPress is vulnerable to authorization bypass in versions less than, or equal to, 1.3.27. This is due to a missing capability check on the 'install_plugin' function. This makes it possible for authenticated attackers, with subscriber-level access and above to install plugins on the target site and potentially achieve arbitrary code execution on the server under certain conditions.
PLUGIN
Gsheetconnector For Gravity Forms
CVE-2025-8593
Risk Score
Threat Entry
Updated 2025-10-14
CVE-2025-8606 - Gsheetconnector For Gravity Forms Plugin
The GSheetConnector For Gravity Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions less than, or equal to, 1.3.23. This is due to missing or incorrect nonce validation on the activate_plugin and deactivate_plugin functions. This makes it possible for attackers to trick authenticated administrators into activating or deactivating specified plugins via a forged request, such as clicking on a malicious link or visiting a compromised page.
PLUGIN
Gsheetconnector For Gravity Forms
CVE-2025-8606
Risk Score