What the vulnerability does
Description
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks WP Gravity Forms HubSpot gf-hubspot allows Phishing. This issue affects WP Gravity Forms HubSpot: from n/a through <= 1.2.5.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
Explanation of Vulnerability in Simple Terms
WP Gravity Forms HubSpot versions 1.2.5 and earlier contain an open redirect vulnerability. An attacker can craft a malicious link that redirects users to an external website after they interact with the plugin. Exploitation requires user interaction, and the impact extends beyond the plugin itself (scope changed, S:C in the CVSS vector). Update to a version newer than 1.2.5 to resolve this issue.
What an attacker can do
Redirect users to a malicious external website via a crafted link.
Potential impact on your site
Users may be tricked into visiting phishing or malware sites, damaging site reputation and user trust.
Conditions required to exploit
User must click a malicious link; no authentication required.
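The page does not show the affected code, so the following is an added example and not the plugin's code: a standalone PHP check of the kind that prevents this class of bug, accepting a redirect target only when it is a local path or an http(s) URL on an allowlisted host. The function name and the hosts `example.org` and `phish.test` are constructed for illustration; in WordPress, core's `wp_safe_redirect()` serves the same purpose.

```php
<?php
// Added example, not the plugin's code. Host names below are constructed.

/**
 * Return $target if it is a safe redirect destination, otherwise $fallback.
 * Safe: a local path, or an absolute http(s) URL on an allowlisted host.
 */
function safe_redirect_target(string $target, array $allowedHosts, string $fallback): string
{
    $target = trim($target);

    // Control characters and backslashes are never needed in a redirect
    // target; browsers treat "\" like "/", so "/\host" can leave the site.
    if ($target === '' || preg_match('/[\x00-\x1F\x7F\\\\]/', $target)) {
        return $fallback;
    }

    // Local path: one leading slash. "//host/..." is protocol-relative.
    if ($target[0] === '/') {
        return strncmp($target, '//', 2) === 0 ? $fallback : $target;
    }

    $parts = parse_url($target);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return $fallback; // no scheme or host, e.g. "javascript:..." or garbage
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return $fallback;
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return $fallback; // "https://trusted@other-host/" hides the real host
    }

    // Exact match on the parsed host; prefix or substring checks are not enough.
    return in_array(strtolower($parts['host']), $allowedHosts, true) ? $target : $fallback;
}

// Constructed inputs: the site is example.org, phish.test is an untrusted host.
$allowed = ['example.org', 'www.example.org'];
$samples = [
    '/thank-you/',
    'https://www.example.org/account',
    'https://phish.test/login',
    '//phish.test/login',
    'https://example.org@phish.test/',
    'https://example.org.phish.test/',
];
foreach ($samples as $s) {
    printf("%-36s => %s\n", $s, safe_redirect_target($s, $allowed, '/'));
}
```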