CVE-2025-30863

{"id": "CVE-2025-30863", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "audit@patchstack.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2025-03-27T11:15:47.410", "references": [{"url": "https://patchstack.com/database/wordpress/plugin/integration-for-contact-form-7-and-google-sheets/vulnerability/wordpress-integration-for-google-sheets-and-contact-form-7-wpforms-elementor-ninja-forms-plugin-1-0-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "source": "audit@patchstack.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "audit@patchstack.com", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms allows Cross Site Request Forgery. This issue affects Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.0.9."}, {"lang": "es", "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en CRM Perks Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms permite Cross-Site Request Forgery. Este problema afecta a Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms: desde n/d hasta la versi\u00f3n 1.0.9."}], "lastModified": "2025-03-27T16:45:12.210", "sourceIdentifier": "audit@patchstack.com"}