CVE-2025-60080
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-18

Last updated on: 2026-04-01

Assigner: Patchstack

Description
Deserialization of Untrusted Data vulnerability in add-ons.org PDF for Gravity Forms + Drag And Drop Template Builder pdf-for-gravity-forms allows Object Injection.This issue affects PDF for Gravity Forms + Drag And Drop Template Builder: from n/a through <= 6.5.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-18
Last Modified
2026-04-01
Generated
2026-05-07
AI Q&A
2025-12-18
EPSS Evaluated
2026-05-05
NVD
CVE-2025-60080
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
add-ons.org pdf_for_gravity_forms *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-502 The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a Deserialization of Untrusted Data issue in the PDF for Gravity Forms + Drag And Drop Template Builder add-on. It allows an attacker to perform Object Injection by exploiting the way the add-on processes serialized data, potentially leading to malicious code execution or other unintended behavior.


How can this vulnerability impact me? :

This vulnerability can allow attackers to inject malicious objects through deserialization, which may lead to unauthorized code execution, data manipulation, or compromise of the affected system running the vulnerable add-on.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart