CVE-2025-7696
BaseFortify
Publication date: 2025-07-19
Last updated on: 2025-07-22
Assigner: Wordfence
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ninja_forms | ninja_forms | * |
| wordpress | wordpress | * |
| crm_perks | integration_for_contact_forms_and_pipedrive | 1.2.3 |
| elementor | elementor_pro | * |
| crm_perks | integration_for_contact_forms_and_pipedrive | 1.2.4 |
| formidable_forms | formidable_forms | * |
| contact_form_7 | contact_form_7 | * |
| wpforms | wpforms | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-7696 is a PHP Object Injection vulnerability in the WordPress plugin "Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms" up to and including version 1.2.3. The vulnerability arises from unsafe deserialization of untrusted input within the verify_field_val() function, allowing unauthenticated attackers to inject malicious PHP objects. When used alongside the Contact Form 7 plugin, which contains a gadget chain (POP chain), attackers can exploit this to delete arbitrary files, including critical files like wp-config.php. This can lead to denial of service or remote code execution. The vulnerability was fixed in version 1.2.4 by improving how serialized data is handled to prevent such injection. [1]
How can this vulnerability impact me?
This vulnerability can have severe impacts including allowing unauthenticated attackers to execute arbitrary PHP code on your WordPress site or delete critical files such as wp-config.php. This can result in a denial of service by breaking the site configuration or even full remote code execution, potentially compromising the entire server and data. The high CVSS score (9.8) reflects the critical nature of this vulnerability with high impact on confidentiality, integrity, and availability. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves identifying whether a vulnerable plugin version (up to and including 1.2.3) is installed on your WordPress site. You can check the plugin version via the WordPress admin dashboard or by inspecting the plugin files. Additionally, monitoring for suspicious serialized PHP object payloads in HTTP requests targeting the verify_field_val() function or related form submission endpoints could indicate exploitation attempts. The resources provide no specific detection commands, but you can run a command like 'grep -r "version 1.2.3" wp-content/plugins/integration-for-contact-form-7-and-pipedrive' on your server to check the installed plugin version. Reviewing web server logs for unusual POST requests to form submission URLs may also help detect exploitation attempts. [1, 3]
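One way to implement the log-review check described above, as an added example that is not part of the BaseFortify page, the Wordfence advisory or the plugin's own code: the script below parses a constructed request log and flags POST bodies that contain the PHP serialized-object marker `O:<len>:"<class>":` after URL-decoding, so double-encoded payloads are caught as well. The log format, IP addresses, request paths and form field names are all invented for the example; ordinary web server access logs do not record POST bodies, so this assumes a WAF or audit log that does.

```python
import re
from urllib.parse import unquote_plus

# A PHP serialized object looks like  O:<len>:"<ClassName>":<nprops>:{...}
# Only this object form is of interest for CWE-502 triage; plain
# strings (s:) and arrays (a:) without a nested object are not flagged.
PHP_OBJECT_RE = re.compile(r'O:\d+:"([A-Za-z_\\][\w\\]*)":\d+:\{')

# Constructed sample log (not a real log format). Fields:
#   <timestamp> <client ip> <method> <path> <status> body=<raw request body>
# Payload bodies use stdClass, a harmless marker that exercises the pattern.
SAMPLE_LOG = [
    '2025-07-20T10:00:03Z 203.0.113.7 GET /contact/ 200 body=',
    '2025-07-20T10:00:41Z 203.0.113.7 POST /wp-admin/admin-ajax.php 200 '
    'body=form_id=12&your-name=Ada&your-email=ada%40example.com',
    # single URL-encoded serialized object in a form field
    '2025-07-20T10:01:12Z 203.0.113.5 POST /wp-admin/admin-ajax.php 200 '
    'body=form_id=12&your-name=O%3A8%3A%22stdClass%22%3A1%3A%7Bs%3A3%3A%22foo%22%3Bs%3A3%3A%22bar%22%3B%7D',
    # the same object, double URL-encoded (%25 -> %)
    '2025-07-20T10:01:13Z 203.0.113.5 POST /wp-admin/admin-ajax.php 200 '
    'body=form_id=12&your-name=O%253A8%253A%2522stdClass%2522%253A1%253A%257Bs%253A3%253A%2522foo%2522%253Bs%253A3%253A%2522bar%2522%253B%257D',
    # benign text that happens to contain "O:" but is not a serialized object
    '2025-07-20T10:02:00Z 203.0.113.9 POST /wp-admin/admin-ajax.php 200 '
    'body=form_id=12&message=Ratio%20O%3A2%3A1%20looks%20fine',
]


def decode_body(body, rounds=2):
    """URL-decode up to `rounds` times, stopping early once the text is stable.

    Two rounds peel off the double encoding seen in some evasion attempts
    without looping forever on bodies that legitimately contain '%'.
    """
    out = body
    for _ in range(rounds):
        decoded = unquote_plus(out)
        if decoded == out:
            break
        out = decoded
    return out


def find_php_objects(body):
    """Return the class names of PHP serialized objects found in a body."""
    return PHP_OBJECT_RE.findall(decode_body(body))


def parse_log_line(line):
    """Split one constructed log line into its fields; None if malformed."""
    parts = line.strip().split(' ', 5)
    if len(parts) < 5:
        return None
    ts, ip, method, path, status = parts[:5]
    body = ''
    if len(parts) == 6 and parts[5].startswith('body='):
        body = parts[5][len('body='):]
    return {'ts': ts, 'ip': ip, 'method': method, 'path': path,
            'status': status, 'body': body}


def scan_log(lines):
    """Return one finding per POST whose body carries a serialized PHP object."""
    findings = []
    for line in lines:
        rec = parse_log_line(line)
        if rec is None or rec['method'] != 'POST':
            continue
        classes = find_php_objects(rec['body'])
        if classes:
            findings.append({'ts': rec['ts'], 'ip': rec['ip'],
                             'path': rec['path'], 'classes': classes})
    return findings


if __name__ == '__main__':
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['ip']} {hit['path']} -> object(s): {', '.join(hit['classes'])}")
```

The class name is reported with each hit so an analyst can tell a stray `stdClass` from a class belonging to a plugin known to carry a gadget chain; the last sample line shows that ordinary text containing `O:` does not trip the pattern. On the code side, the generic CWE-502 hardening in PHP is to keep `unserialize()` away from request data altogether (for example by exchanging JSON) or, at minimum, to call it with `['allowed_classes' => false]` so that no object is instantiated from the input; the page does not state which approach the 1.2.4 fix took.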
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update the 'Integration for Contact Forms and Pipedrive' WordPress plugin to version 1.2.4 or later, where the PHP Object Injection vulnerability has been fixed. This update improves the handling of serialized data to prevent exploitation. Additionally, ensure your WordPress installation and all related plugins are kept up to date. If updating immediately is not possible, consider disabling the vulnerable plugin temporarily to prevent exploitation. [1, 2]