CVE-2025-60180

9.8 CRITICAL

📋 TL;DR

This is a PHP Object Injection vulnerability in the WP Gravity Forms Salesforce plugin (slug gf-salesforce-crmperks) for WordPress: attacker-controlled input reaches PHP's unserialize(), which lets an unauthenticated attacker instantiate arbitrary classes in the application. With a usable gadget chain (a class whose __wakeup(), __destruct() or __toString() does something dangerous, from the plugin, WordPress core or any other installed plugin or theme) this becomes arbitrary PHP code execution in the web server's context and complete site compromise. All versions up to and including 1.5.1 are affected; 1.5.2 fixes it.

💻 Affected Systems

Products:
  • WP Gravity Forms Salesforce (gf-salesforce-crmperks)
Versions: All versions up to and including 1.5.1
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: All WordPress installations with the vulnerable plugin enabled are affected regardless of configuration.

📦 What is this software?

WP Gravity Forms Salesforce (plugin slug gf-salesforce-crmperks, by CRM Perks) is an add-on for the Gravity Forms WordPress form builder that sends form submissions to Salesforce. Because it runs as part of the WordPress site, any code-execution bug in it has the same privileges as the site itself.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution as the web server user, leading to full server compromise, data theft, malware installation, and complete site takeover.

🟠 Likely Case: Unauthenticated attackers achieve code execution through an available gadget chain, then create an administrator account, drop a webshell or backdoor, and steal sensitive data. On sites where no gadget chain is reachable, the same payloads still allow denial-of-service style abuse and will be retried as new chains become public.

🟢 If Mitigated: With the plugin updated to 1.5.2+ or deactivated, the vulnerable unserialize() path is no longer reachable. With only compensating controls (WAF signatures, IP restriction, a low-privilege PHP user and network segmentation), attempts are blocked at the edge or the attacker's foothold is confined to the web server account.

🌐 Internet-Facing: HIGH - WordPress sites are typically internet-facing and the vulnerability requires no authentication.
🏢 Internal Only: MEDIUM - Internal WordPress installations could still be exploited by internal threat actors or through lateral movement.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability class and the affected versions are publicly documented, so crafting a serialized-object payload is straightforward. Whether that payload yields code execution on a particular site depends on a gadget chain being present in the code WordPress loads; treat every affected site as exploitable rather than trying to prove a chain is absent.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.5.2 or later

Vendor Advisory: https://patchstack.com/database/Wordpress/Plugin/gf-salesforce-crmperks/vulnerability/wordpress-wp-gravity-forms-salesforce-plugin-1-5-1-php-object-injection-vulnerability?_s_id=cve

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'WP Gravity Forms Salesforce'.
4. Click 'Update Now' if an update is available.
5. If no update appears, manually download version 1.5.2 or later from WordPress.org and replace the plugin files.
6. Re-check the installed version afterwards (see How to Verify below); an update that failed part-way leaves the old files in place.

🔧 Temporary Workarounds

Disable the vulnerable plugin (platform: all)

Temporarily deactivate the plugin until patching is possible. WordPress does not load the code of a deactivated plugin, so the unserialize() path is unreachable through the normal request flow:

wp plugin deactivate gf-salesforce-crmperks

Remove plugin files (platform: linux)

Completely remove the plugin from the WordPress installation. This is the stronger option, because it also removes any plugin file that could be requested directly from the web root, and it is what to do if the plugin is no longer needed. WP-CLI can do the same with `wp plugin delete gf-salesforce-crmperks`; either way the Salesforce integration stops working until a fixed version is installed:

rm -rf /path/to/wordpress/wp-content/plugins/gf-salesforce-crmperks/

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules that reject request parameters containing a serialized PHP object signature (O:<length>:"<ClassName>": followed by a property count and {), checked after URL decoding and, ideally, after base64 decoding of parameter values. Expect a few false positives from legitimate serialized data and tune per site.
  • Restrict access to affected WordPress instances with IP allowlisting or an authentication layer in front of the site (HTTP basic auth, VPN, SSO proxy), so that unauthenticated exploitation from the internet is not possible.

🔍 How to Verify

Check if Vulnerable:

Check the plugin version in the WordPress admin panel (Plugins > Installed Plugins), or on disk: the `Version:` line in the plugin's main PHP file header, or the `Stable tag:` line in wp-content/plugins/gf-salesforce-crmperks/readme.txt. Any version up to and including 1.5.1 is vulnerable.

Check Version:

wp plugin get gf-salesforce-crmperks --field=version

Verify Fix Applied:

Confirm the plugin version is 1.5.2 or higher in the WordPress admin panel, and re-run the WP-CLI command above so the version reported comes from the files actually on disk rather than a cached admin page.
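For auditing more than a handful of sites, a script that reads the version from disk is more reliable than clicking through admin panels. The following is an added example (not part of the advisory or of the plugin): it parses the standard WordPress plugin header (`Version:`) or readme (`Stable tag:`) and compares it against the first fixed release, 1.5.2. The sample header and the paths are constructed for illustration; the comparison treats `1.5` and `1.5.0` as equal and ignores non-numeric suffixes.

```python
"""Audit WordPress installs for a vulnerable gf-salesforce-crmperks version.

Added example; not the advisory's or the plugin's own code. It reads the
'Version:' header every WordPress plugin declares in its main PHP file (or the
'Stable tag:' line in readme.txt) and compares it with the first fixed release.
"""
import re
import sys
from pathlib import Path

PLUGIN_SLUG = "gf-salesforce-crmperks"
FIXED_VERSION = "1.5.2"  # from the advisory: 1.5.2 or later is fixed

# Constructed sample of a plugin main-file header (standard WordPress header
# format; the values are made up for this example, not copied from the plugin).
SAMPLE_PLUGIN_HEADER = """<?php
/*
Plugin Name: WP Gravity Forms Salesforce
Version: 1.5.1
Author: CRM Perks
*/
"""

HEADER_RE = re.compile(r"^\s*(?:\*\s*)?(?:Version|Stable tag):\s*([0-9][\w.\-]*)", re.M | re.I)


def parse_version(text):
    """Return the version string from a plugin header or readme, or None (e.g. 'Stable tag: trunk')."""
    m = HEADER_RE.search(text)
    return m.group(1) if m else None


def version_tuple(v):
    """'1.5.1' -> (1, 5, 1). Numeric parts only; '-beta' is dropped; trailing zeros are trimmed so 1.5 == 1.5.0."""
    nums = []
    for part in re.split(r"[.\-]", v):
        if not part.isdigit():
            break
        nums.append(int(part))
    while nums and nums[-1] == 0:
        nums.pop()
    return tuple(nums)


def is_vulnerable(version):
    """True for every version below the first fixed release."""
    return version_tuple(version) < version_tuple(FIXED_VERSION)


def audit_install(wp_root):
    """Check one WordPress root directory; returns (status, version)."""
    plugin_dir = Path(wp_root) / "wp-content" / "plugins" / PLUGIN_SLUG
    if not plugin_dir.is_dir():
        return ("not-installed", None)
    version = None
    # Prefer the main plugin file (the one carrying 'Plugin Name:'), then readme.txt.
    for candidate in sorted(plugin_dir.glob("*.php")):
        text = candidate.read_text(errors="replace")
        if "Plugin Name:" in text:
            version = parse_version(text)
            if version:
                break
    if version is None and (plugin_dir / "readme.txt").is_file():
        version = parse_version((plugin_dir / "readme.txt").read_text(errors="replace"))
    if version is None:
        return ("unknown", None)
    return ("vulnerable" if is_vulnerable(version) else "patched", version)


if __name__ == "__main__":
    # Usage: python audit.py /var/www/site1 /var/www/site2 ...
    for root in sys.argv[1:]:
        status, version = audit_install(root)
        print(f"{root}: {status} ({version or 'n/a'})")
```

Run it with the document roots of every site you manage; anything reported as `vulnerable` or `unknown` needs a manual look, since `unknown` means the plugin directory exists but no version header could be parsed (for example a half-completed update).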

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to WordPress endpoints
  • PHP error logs showing unserialize() warnings
  • Unexpected plugin file modifications

Network Indicators:

  • HTTP requests containing serialized PHP objects in parameters
  • Traffic patterns indicating exploitation attempts

SIEM Query:

source="wordpress.log" AND ("gf-salesforce" OR "unserialize" OR "php_object")

This is a generic starting point, not a tuned rule: web access logs do not contain the string "unserialize" (only PHP error logs might), and "php_object" will not appear in any log. A more useful search keys on the serialized-object signature itself in the request URI or body, after URL decoding, for example a regex such as [OC]:[0-9]+:"[A-Za-z_\\][A-Za-z0-9_\\]*":[0-9]+:\{ applied to the request field of your web or WAF logs, with the exact field names depending on your SIEM.
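The following is an added example, not part of the advisory, the plugin, or any SIEM product. It serves both the WAF bullet under "If You Can't Patch" and the detection section: it runs one serialized-PHP-object signature over constructed access-log lines (combined log format), after URL-decoding each query parameter and, where a value looks like base64, after decoding that too. The parameter name `gf_salesforce`, the IPs and the payloads are all made up for the example and are not the plugin's real request parameters. Access logs do not carry POST bodies, so feed this the request field from a WAF or full-request log to cover POST-based attempts.

```python
"""Flag HTTP requests carrying serialized PHP objects (PHP Object Injection probes).

Added example; not the advisory's, the plugin's or any SIEM's code. The regex is
the same signature a WAF rule or SIEM search for this bug class should key on.
"""
import base64
import binascii
import re
from urllib.parse import parse_qsl, urlsplit

# Serialized PHP object: O:<len>:"<Class>":<props>:{   (C: is the Serializable form)
PHP_OBJECT_RE = re.compile(r'[OC]:\d+:"[A-Za-z_\\][\w\\]*":\d+:\{')

# Apache/nginx combined log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

# Constructed sample lines: hosts, parameter names and payloads are made up.
# Line 1 carries a URL-encoded O:8:"stdClass":0:{}; line 2 carries the same
# class of payload base64-encoded; lines 3 and 4 are benign.
SAMPLE_LOG = r'''
203.0.113.7 - - [01/Jan/2025:10:00:01 +0000] "GET /?gf_salesforce=O%3A8%3A%22stdClass%22%3A0%3A%7B%7D HTTP/1.1" 200 512 "-" "curl/8.0"
203.0.113.7 - - [01/Jan/2025:10:00:02 +0000] "GET /?data=TzozOiJGb28iOjE6e3M6MToiYSI7czoxOiJiIjt9 HTTP/1.1" 200 512 "-" "curl/8.0"
198.51.100.2 - - [01/Jan/2025:10:00:03 +0000] "GET /?s=hello+world HTTP/1.1" 200 8123 "-" "Mozilla/5.0"
198.51.100.2 - - [01/Jan/2025:10:00:04 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 44 "-" "Mozilla/5.0"
'''


def decode_candidates(value):
    """Yield the value as given, plus a base64-decoded form when it decodes cleanly."""
    yield value
    compact = value.strip()
    if len(compact) >= 8 and re.fullmatch(r"[A-Za-z0-9+/=_-]+", compact):
        try:
            padded = compact + "=" * (-len(compact) % 4)
            raw = base64.b64decode(padded, altchars=b"-_")  # accepts URL-safe alphabet too
            yield raw.decode("latin-1")  # never fails; keeps byte values for the regex
        except (binascii.Error, ValueError):
            pass


def find_php_objects(target):
    """Return (param, decoded_value) pairs in a request target that contain a serialized PHP object."""
    hits = []
    query = urlsplit(target).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        # The object may sit in the parameter name (bare ?O:8:... probes) or the value.
        for candidate in [name, *decode_candidates(value)]:
            if PHP_OBJECT_RE.search(candidate):
                hits.append((name, candidate))
                break
    return hits


def scan_log(text):
    """Parse combined-format lines and return alerts as (ip, method, param, payload)."""
    alerts = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        for name, payload in find_php_objects(m.group("target")):
            alerts.append((m.group("ip"), m.group("method"), name, payload))
    return alerts


if __name__ == "__main__":
    for ip, method, param, payload in scan_log(SAMPLE_LOG):
        print(f"ALERT {ip} {method} param={param!r} payload={payload!r}")
```

The signature deliberately requires the full `O:<len>:"<Class>":<n>:{` shape rather than a bare `O:` so that serialized arrays (`a:1:{...}`) and ordinary text do not trigger it; the base64 pass is what catches payloads that a plain string match on the raw log line would miss.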
