
CVE-2025-30953: CWE-601 URL Redirection to Untrusted Site ('Open Redirect') in CRM Perks WP Gravity Forms Salesforce

Severity: Medium
Tags: vulnerability, cve-2025-30953, cwe-601
Published: Fri Jun 06 2025 (06/06/2025, 12:54:10 UTC)
Source: CVE Database V5
Vendor/Project: CRM Perks
Product: WP Gravity Forms Salesforce

Description

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks WP Gravity Forms Salesforce allows Phishing. This issue affects WP Gravity Forms Salesforce: from n/a through 1.4.7.

AI-Powered Analysis

Last updated: 07/08/2025, 03:42:01 UTC

Technical Analysis

CVE-2025-30953 is a medium-severity vulnerability classified under CWE-601, URL Redirection to Untrusted Site ('Open Redirect'). It affects the CRM Perks WP Gravity Forms Salesforce plugin for WordPress in versions through 1.4.7. The flaw lets an attacker craft a URL that, when visited, redirects the user from the legitimate site running the vulnerable plugin to an untrusted external site. Such redirects are useful in phishing campaigns: the user sees a link to a trusted domain but lands on a malicious site built to steal credentials or deliver malware. The vulnerability carries a CVSS 3.1 base score of 4.7, a medium severity level. Its vector string (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N) indicates that the attack is performed remotely over the network, has low attack complexity, requires no privileges, and requires user interaction (clicking the crafted link). The scope is changed (S:C), meaning the impact extends beyond the vulnerable component, and the impact is limited to confidentiality (C:L) with no effect on integrity or availability. No exploits in the wild have been reported, and no patch is currently linked, suggesting that remediation may still be pending or in progress. In practice the vulnerability facilitates phishing by redirecting users to malicious sites while leveraging the trust they place in the legitimate site hosting the vulnerable plugin.

Potential Impact

For European organizations, especially those using WordPress sites with the CRM Perks WP Gravity Forms Salesforce plugin, this vulnerability poses a significant risk of phishing attacks. Attackers can exploit the open redirect to bypass security filters and convince users to visit malicious sites, potentially leading to credential theft, unauthorized access, or malware infections. This can undermine user trust, damage brand reputation, and lead to regulatory compliance issues under GDPR if personal data is compromised. Since the vulnerability does not directly impact system integrity or availability, the primary concern is the confidentiality of user data and the potential for social engineering attacks. Organizations with customer-facing portals or forms integrated with Salesforce via this plugin are particularly at risk. The medium severity score reflects that while the vulnerability is not critical, it can be leveraged as part of a broader attack chain, especially in targeted phishing campaigns against employees or customers.

Mitigation Recommendations

European organizations should take immediate steps to mitigate this vulnerability beyond generic advice:

1) Identify and inventory all WordPress installations using the CRM Perks WP Gravity Forms Salesforce plugin and verify the version in use.
2) Monitor the vendor's official channels for patches or updates addressing CVE-2025-30953 and apply them promptly once available.
3) Implement strict URL validation and sanitization on all redirect parameters within the plugin or via custom code to ensure redirects only point to trusted domains.
4) Employ web application firewalls (WAFs) with rules designed to detect and block open redirect attempts targeting this plugin.
5) Educate users and employees about phishing risks, emphasizing caution with unexpected links, especially those originating from forms or Salesforce integrations.
6) Use multi-factor authentication (MFA) on Salesforce and related systems to reduce the impact of credential theft.
7) Regularly audit and monitor web traffic logs for unusual redirect patterns or spikes in traffic to suspicious domains.
8) Consider disabling or replacing the vulnerable plugin if immediate patching is not feasible, especially on high-risk or public-facing sites.
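As an added example (not code from the plugin, the vendor or this advisory) of the allow-list validation in item 3 and the log review in item 7: a Python validator that returns a same-site fallback for any redirect target that would leave the allow-listed hosts, plus a scan over constructed access-log lines for requests whose redirect parameter would have done so. In WordPress itself the equivalent primitives are wp_safe_redirect() and wp_validate_redirect(), which restrict redirects to hosts permitted by the allowed_redirect_hosts filter; the block below shows the same logic stand-alone. The hostnames, the parameter name redirect_to and the log lines are assumptions, not values from the page.

```python
from urllib.parse import parse_qs, urlsplit

# Hosts a redirect may land on (constructed values; use the real site's hostnames).
ALLOWED_HOSTS = {"forms.example.org", "www.example.org"}

def safe_redirect_target(raw, fallback="/"):
    """Return raw when it is a same-site redirect target, else fallback."""
    if not isinstance(raw, str) or not raw or any(ord(c) < 0x21 for c in raw):
        return fallback  # empty, or contains whitespace/control characters
    # Browsers treat "\" like "/", so normalise before parsing
    # ("/\evil.example" would otherwise look like a plain path).
    candidate = raw.replace("\\", "/")
    try:
        parts = urlsplit(candidate)
    except ValueError:  # malformed authority, e.g. a bad IPv6 literal
        return fallback
    host = parts.hostname
    if parts.scheme:
        # Absolute URL: http(s) only, to an allow-listed host. hostname is None for
        # "https:evil.example" and ignores userinfo ("https://good@evil.example").
        if parts.scheme not in ("http", "https") or host is None:
            return fallback
        return candidate if host.lower() in ALLOWED_HOSTS else fallback
    # No scheme: "//evil.example" (netloc set) or "///evil.example" would still
    # leave the site, so accept only a path that starts with exactly one "/".
    if parts.netloc or not candidate.startswith("/") or candidate.startswith("//"):
        return fallback
    return candidate

# Constructed sample access-log lines (not from any real deployment); the
# parameter name redirect_to is hypothetical, not the plugin's actual name.
SAMPLE_LOG = [
    '203.0.113.5 - - [06/Jun/2025:12:00:01 +0000] "GET /thank-you/?redirect_to=/account HTTP/1.1" 302 0',
    '203.0.113.6 - - [06/Jun/2025:12:00:02 +0000] "GET /thank-you/?redirect_to=//login.example.net/ HTTP/1.1" 302 0',
    '203.0.113.7 - - [06/Jun/2025:12:00:03 +0000] "GET /thank-you/?redirect_to=https://www.example.org/x HTTP/1.1" 302 0',
]

def flag_offsite_redirects(log_lines, param="redirect_to"):
    """Return request paths whose redirect parameter would have left the site.
    Assumes common-log-style lines with the request line in double quotes."""
    flagged = []
    for line in log_lines:
        path = line.split('"')[1].split()[1]   # "GET /path?x=y HTTP/1.1"
        for target in parse_qs(urlsplit(path).query).get(param, []):
            if safe_redirect_target(target, fallback=None) is None:
                flagged.append(path)
    return flagged
```

Running flag_offsite_redirects(SAMPLE_LOG) reports only the second line, whose scheme-relative target would have sent the visitor off-site.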


Technical Details

Data Version: 5.1
Assigner Short Name: Patchstack
Date Reserved: 2025-03-26T09:22:20.465Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 6842eddd71f4d251b5c88003

Added to database: 6/6/2025, 1:32:13 PM

Last enriched: 7/8/2025, 3:42:01 AM

Last updated: 8/5/2025, 4:16:15 PM

