Aggregates CVE and security vulnerability intelligence across all crmperks-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Disclosed issues often relate to vendor risk cross-site scripting, vendor risk open redirect, and vendor risk sql injection; exposure may include vendor impact session compromise in vendor surface software deployment contexts.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-60180 | Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Salesforce gf-salesforce-crmperks allows Object Injection.This issue affects WP Gravity Forms Salesforce: from n/a through <= 1.5.1. | [email protected] | 9.8 | 0.05% | 2025-12-18 | 2026-01-20 |
| CVE-2025-60178 | Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms HubSpot gf-hubspot allows Object Injection.This issue affects WP Gravity Forms HubSpot: from n/a through <= 1.2.6. | [email protected] | 9.8 | 0.06% | 2025-12-18 | 2026-01-20 |
| CVE-2025-60174 | Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Constant Contact Plugin gf-constant-contact allows Object Injection.This issue affects WP Gravity Forms Constant Contact Plugin: from n/a through <= 1.1.2. | [email protected] | 9.8 | 0.05% | 2025-12-18 | 2026-01-20 |
| CVE-2025-60091 | Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Zoho CRM and Bigin gf-zoho allows Object Injection.This issue affects WP Gravity Forms Zoho CRM and Bigin: from n/a through <= 1.2.9. | [email protected] | 9.8 | 0.05% | 2025-12-18 | 2026-01-20 |
| CVE-2025-60090 | Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Insightly gf-insightly allows Object Injection.This issue affects WP Gravity Forms Insightly: from n/a through <= 1.1.6. | [email protected] | 9.8 | 0.05% | 2025-12-18 | 2026-01-20 |
| CVE-2025-60089 | Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms FreshDesk Plugin gf-freshdesk allows Object Injection.This issue affects WP Gravity Forms FreshDesk Plugin: from n/a through <= 1.3.5. | [email protected] | 9.8 | 0.05% | 2025-12-18 | 2026-01-20 |
| CVE-2024-37463 | Missing Authorization vulnerability in CRM Perks CRM Perks Forms allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects CRM Perks Forms: from n/a through 1.1.5. | [email protected] | 5.3 | 0.34% | 2024-11-01 | 2025-02-07 |
| CVE-2024-7484 | The CRM Perks Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'handle_uploaded_files' function in versions up to, and including, 1.1.3. This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible. | [email protected] | 7.2 | 11.98% | 2024-08-06 | 2025-02-07 |
| CVE-2024-30446 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks CRM Perks Forms allows Stored XSS.This issue affects CRM Perks Forms: from n/a through 1.1.4. | [email protected] | 6.5 | 0.15% | 2024-03-29 | 2026-04-28 |
| CVE-2024-30499 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CRM Perks CRM Perks Forms.This issue affects CRM Perks Forms: from n/a through 1.1.4. | [email protected] | 8.5 | 0.39% | 2024-03-29 | 2026-04-28 |
| CVE-2024-30498 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CRM Perks CRM Perks Forms.This issue affects CRM Perks Forms: from n/a through 1.1.4. | [email protected] | 9.3 | 15.00% | 2024-03-29 | 2026-04-28 |
| CVE-2023-51536 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks CRM Perks Forms – WordPress Form Builder allows Stored XSS.This issue affects CRM Perks Forms – WordPress Form Builder: from n/a through 1.1.2. | [email protected] | 5.9 | 0.06% | 2024-02-01 | 2026-04-28 |
| CVE-2024-1069 | The Contact Form Entries plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'view_page' function in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible. | [email protected] | 7.2 | 3.37% | 2024-01-31 | 2026-04-08 |
| CVE-2022-3604 | The Contact Form Entries WordPress plugin before 1.3.0 does not validate data when its output in a CSV file, which could lead to CSV injection. | [email protected] | 7.8 | 0.29% | 2024-01-16 | 2025-06-11 |
| CVE-2023-31095 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.2.8. | [email protected] | 4.7 | 0.20% | 2023-12-29 | 2026-04-28 |
| CVE-2023-37982 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.3.3. | [email protected] | 4.7 | 0.11% | 2023-12-19 | 2026-04-28 |
| CVE-2023-38481 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin.This issue affects Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin: from n/a before 1.3.7. | [email protected] | 4.7 | 0.11% | 2023-12-19 | 2026-04-28 |
| CVE-2023-38478 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for WooCommerce and QuickBooks.This issue affects Integration for WooCommerce and QuickBooks: from n/a through 1.2.3. | [email protected] | 4.7 | 0.11% | 2023-12-19 | 2026-04-28 |
| CVE-2023-47779 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks. Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.1.4. | [email protected] | 4.7 | 0.15% | 2023-12-07 | 2026-04-28 |
| CVE-2023-31212 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CRM Perks Database for Contact Form 7, WPforms, Elementor forms contact-form-entries allows SQL Injection.This issue affects Database for Contact Form 7, WPforms, Elementor forms: from n/a through 1.3.0. | [email protected] | 8.5 | 0.31% | 2023-10-31 | 2026-04-28 |