CVE-2025-60091

Published: Dec 18, 2025Modified: Jan 20, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Zoho CRM and Bigin gf-zoho allows Object Injection.This issue affects WP Gravity Forms Zoho CRM and Bigin: from n/a through <= 1.2.9.

Affected (1)

Products: Crmperks: Wp Gravity Forms Zoho Crm And Bigin

Crmperks

1 product

Wp Gravity Forms Zoho Crm And Bigin

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Crmperks Wp Gravity Forms Zoho Crm And Bigin	Before 1.3.0

Related CWEs

CWE-502

Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (1)

https://patchstack.com/database/Wordpress/Plugin/gf-zoho/vulnerability/wordpress-wp-gravity-forms-zoho-crm-and-bigin-plugin-1-2-8-deserialization-of-untrusted-data-vulnerability?_s_id=cve

Source: audit@patchstack.com

Timeline

No history available yet.