CVE-2025-8606

Name of the Vulnerable Software and Affected Versions GSheetConnector For Gravity Forms plugin for WordPress versions prior to 1.3.24

Description The software is susceptible to Cross-Site Request Forgery due to inadequate nonce validation in the activate plugin and deactivate plugin functions. This allows attackers to potentially trick authenticated administrators into activating or deactivating plugins through a forged request, such as a malicious link or compromised webpage.

Recommendations Update to version 1.3.24 or later.