CVE-2025-8593

The GSheetConnector For Gravity Forms plugin for WordPress is vulnerable to authorization bypass in versions less than, or equal to, 1.3.27. This is due to a missing capability check on the ‘install_plugin’ function. This makes it possible for authenticated attackers, with subscriber-level access and above to install plugins on the target site and potentially achieve arbitrary code execution on the server under certain conditions.

More information : https://plugins.trac.wordpress.org/browser/gsheetconnector-gravity-forms/tags/1.3.23/includes/class-gravityform-gs-service.php#L128