CVE-2025-7697
BaseFortify
Publication date: 2025-07-19
Last updated on: 2025-07-22
Assigner: Wordfence
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| php | php | * |
| wordpress | wordpress | * |
| crm_perks | integration_for_contact_forms_and_google_sheets | 1.1.2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-7697 is a PHP Object Injection vulnerability in the WordPress plugin "Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms." The vulnerability exists in all versions up to and including 1.1.1, where the plugin deserializes untrusted input within the verify_field_val() function. This unsafe deserialization allows unauthenticated attackers to inject malicious PHP objects. When used alongside the Contact Form 7 plugin, attackers can exploit a POP chain to delete arbitrary files, including critical files like wp-config.php, potentially leading to denial of service or remote code execution. The issue was fixed in version 1.1.2 by modifying the code to prevent unsafe deserialization of input data. [1, 2]
How can this vulnerability impact me?
This vulnerability can have severe impacts including allowing unauthenticated attackers to execute arbitrary PHP code on your WordPress site or delete important files such as wp-config.php. This can lead to a denial of service by breaking the site or even full remote code execution, compromising the security and availability of your website and data. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves identifying whether the affected plugin version (up to and including 1.1.1) is installed on your WordPress site. You can check the plugin version via the WordPress admin dashboard or by inspecting the plugin files. Additionally, monitoring for suspicious serialized PHP object data being sent to the plugin's endpoints could indicate exploitation attempts. There are no specific network commands provided in the resources, but checking the plugin version can be done via WP-CLI with the command: `wp plugin list | grep integration-for-contact-form-7-and-google-sheets`. Also, reviewing logs for unusual POST requests containing serialized data to the plugin's form submission endpoints may help detect exploitation attempts. [1, 2]
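The answer above suggests reviewing request logs for POST bodies that carry serialized PHP objects. The following script is an added example, not code from BaseFortify, Wordfence or the plugin; it scans constructed request records (method, path, body) for the PHP serialized-object header `O:<len>:"<class>":<count>:{`, decoding URL-encoded form fields so an object hidden inside a field value is also seen. The endpoint paths and the sample requests are assumptions for illustration, not the plugin's documented routes.

```python
import re
from typing import Dict, Iterable, List
from urllib.parse import parse_qs

# Header of a PHP serialized object: O:<name length>:"<class name>":<property count>:{
PHP_OBJECT_RE = re.compile(r'O:(\d+):"([^"]*)":(\d+):\{')

# Paths that receive form submissions. Assumption: placeholder paths, adjust to your site's routes.
FORM_ENDPOINTS = ("/wp-admin/admin-ajax.php", "/wp-json/contact-form-7/")


def php_object_classes(body: str) -> List[str]:
    """Return the class names of PHP serialized objects found in a request body.

    The raw body is checked as-is and, in addition, every URL-decoded form field
    value is checked, so 'O%3A8%3A%22stdClass%22...' inside a field is detected.
    """
    found = set()
    candidates = [body]
    for values in parse_qs(body, keep_blank_values=True).values():
        candidates.extend(values)
    for text in candidates:
        for match in PHP_OBJECT_RE.finditer(text):
            name_len, cls, _count = match.groups()
            # A genuine PHP header carries the class name's byte length; mismatches
            # are discarded to avoid flagging look-alike text.
            if int(name_len) == len(cls.encode("utf-8")):
                found.add(cls)
    return sorted(found)


def scan_requests(requests: Iterable[Dict[str, str]]) -> List[Dict[str, object]]:
    """Flag POST requests to form endpoints whose body contains a serialized PHP object."""
    hits: List[Dict[str, object]] = []
    for req in requests:
        if req.get("method") != "POST":
            continue
        if not any(req.get("path", "").startswith(p) for p in FORM_ENDPOINTS):
            continue
        classes = php_object_classes(req.get("body", ""))
        if classes:
            hits.append({"src": req.get("src"), "path": req["path"], "classes": classes})
    return hits


# Constructed sample request records (not real traffic); the second one carries a
# URL-encoded serialized stdClass object inside a form field value.
SAMPLE_REQUESTS = [
    {"src": "203.0.113.10", "method": "POST", "path": "/wp-admin/admin-ajax.php",
     "body": "action=submit&your-name=Alice&your-email=alice%40example.com"},
    {"src": "198.51.100.7", "method": "POST", "path": "/wp-admin/admin-ajax.php",
     "body": "action=submit&your-name=O%3A8%3A%22stdClass%22%3A1%3A%7Bs%3A1%3A%22a%22%3Bi%3A1%3B%7D"},
    {"src": "192.0.2.5", "method": "GET", "path": "/wp-admin/admin-ajax.php", "body": ""},
    {"src": "192.0.2.9", "method": "POST", "path": "/wp-login.php",
     "body": 'log=O:8:"stdClass":0:{}'},  # outside the form endpoints, so not flagged
]

if __name__ == "__main__":
    for hit in scan_requests(SAMPLE_REQUESTS):
        print(f"{hit['src']} -> {hit['path']}: serialized object(s) {hit['classes']}")
```

Feed the scanner from whatever records your WAF or reverse proxy keeps of request bodies; a hit is an indicator worth correlating with the plugin version check, not proof of a successful exploit.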
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update the 'Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms' WordPress plugin to version 1.1.2 or later, where the vulnerability has been fixed by disabling unsafe deserialization of input data. If updating immediately is not possible, consider disabling the plugin temporarily to prevent exploitation. Additionally, ensure your WordPress installation and PHP versions meet the minimum requirements (WordPress 4.7+, PHP 5.3+) and monitor for any suspicious activity related to form submissions. [1, 2]