crmperks 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
公開された問題は vendor risk cross-site scripting、vendor risk open redirect, and vendor risk sql injection に関連することが多く、vendor surface software deployment and vendor surface production workloads の文脈で vendor impact session compromise and vendor impact data exposure などの暴露リスクを伴う場合があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2025-60180 | Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Salesforce gf-salesforce-crmperks allows Object Injection.This issue affects WP Gravity Forms Salesforce: from n/a through <= 1.5.1. | [email protected] | 9.8 | 0.39% | 2025-12-18 | 2026-06-17 |
| CVE-2025-60178 | Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms HubSpot gf-hubspot allows Object Injection.This issue affects WP Gravity Forms HubSpot: from n/a through <= 1.2.6. | [email protected] | 9.8 | 0.39% | 2025-12-18 | 2026-06-17 |
| CVE-2025-60174 | Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Constant Contact Plugin gf-constant-contact allows Object Injection.This issue affects WP Gravity Forms Constant Contact Plugin: from n/a through <= 1.1.2. | [email protected] | 9.8 | 0.39% | 2025-12-18 | 2026-06-17 |
| CVE-2025-60091 | Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Zoho CRM and Bigin gf-zoho allows Object Injection.This issue affects WP Gravity Forms Zoho CRM and Bigin: from n/a through <= 1.2.9. | [email protected] | 9.8 | 0.39% | 2025-12-18 | 2026-06-17 |
| CVE-2025-60090 | Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Insightly gf-insightly allows Object Injection.This issue affects WP Gravity Forms Insightly: from n/a through <= 1.1.6. | [email protected] | 9.8 | 0.39% | 2025-12-18 | 2026-06-17 |
| CVE-2025-60089 | Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms FreshDesk Plugin gf-freshdesk allows Object Injection.This issue affects WP Gravity Forms FreshDesk Plugin: from n/a through <= 1.3.5. | [email protected] | 9.8 | 0.39% | 2025-12-18 | 2026-06-17 |
| CVE-2024-37463 | Missing Authorization vulnerability in CRM Perks CRM Perks Forms allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects CRM Perks Forms: from n/a through 1.1.5. | [email protected] | 5.3 | 0.44% | 2024-11-01 | 2026-06-17 |
| CVE-2024-7484 | The CRM Perks Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'handle_uploaded_files' function in versions up to, and including, 1.1.3. This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible. | [email protected] | 7.2 | 0.93% | 2024-08-05 | 2026-06-17 |
| CVE-2024-30446 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks CRM Perks Forms allows Stored XSS.This issue affects CRM Perks Forms: from n/a through 1.1.4. | [email protected] | 6.5 | 0.34% | 2024-03-29 | 2026-06-17 |
| CVE-2024-30499 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CRM Perks CRM Perks Forms.This issue affects CRM Perks Forms: from n/a through 1.1.4. | [email protected] | 8.5 | 0.58% | 2024-03-29 | 2026-06-17 |
| CVE-2024-30498 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CRM Perks CRM Perks Forms.This issue affects CRM Perks Forms: from n/a through 1.1.4. | [email protected] | 9.3 | 2.27% | 2024-03-29 | 2026-06-17 |
| CVE-2023-51536 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks CRM Perks Forms – WordPress Form Builder allows Stored XSS.This issue affects CRM Perks Forms – WordPress Form Builder: from n/a through 1.1.2. | [email protected] | 5.9 | 0.34% | 2024-02-01 | 2026-06-17 |
| CVE-2024-1069 | The Contact Form Entries plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'view_page' function in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible. | [email protected] | 7.2 | 1.22% | 2024-01-30 | 2026-06-17 |
| CVE-2022-3604 | The Contact Form Entries WordPress plugin before 1.3.0 does not validate data when its output in a CSV file, which could lead to CSV injection. | [email protected] | 7.8 | 0.43% | 2024-01-16 | 2026-06-17 |
| CVE-2023-31095 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.2.8. | [email protected] | 4.7 | 0.36% | 2023-12-29 | 2026-06-17 |
| CVE-2023-37982 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.3.3. | [email protected] | 4.7 | 0.41% | 2023-12-19 | 2026-06-17 |
| CVE-2023-38481 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin.This issue affects Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin: from n/a before 1.3.7. | [email protected] | 4.7 | 0.41% | 2023-12-19 | 2026-06-17 |
| CVE-2023-38478 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for WooCommerce and QuickBooks.This issue affects Integration for WooCommerce and QuickBooks: from n/a through 1.2.3. | [email protected] | 4.7 | 0.41% | 2023-12-19 | 2026-06-17 |
| CVE-2023-47779 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks. Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.1.4. | [email protected] | 4.7 | 0.38% | 2023-12-07 | 2026-06-17 |
| CVE-2023-31212 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CRM Perks Database for Contact Form 7, WPforms, Elementor forms contact-form-entries allows SQL Injection.This issue affects Database for Contact Form 7, WPforms, Elementor forms: from n/a through 1.3.0. | [email protected] | 8.5 | 0.74% | 2023-10-31 | 2026-06-17 |