CVE-2025-8593 – GSheetConnector For Gravity Forms

CVE ID : CVE-2025-8593

Published : Oct. 11, 2025, 10:15 a.m. | 23 minutes ago

Description : The GSheetConnector For Gravity Forms plugin for WordPress is vulnerable to authorization bypass in versions less than, or equal to, 1.3.27. This is due to a missing capability check on the ‘install_plugin’ function. This makes it possible for authenticated attackers, with subscriber-level access and above to install plugins on the target site and potentially achieve arbitrary code execution on the server under certain conditions.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…