The vulnerability identified as CVE-2025-58006 affects the CRM Perks WP Gravity Forms Keap/Infusionsoft plugin for WordPress, specifically versions up to 1.2.6. It is an Open Redirect issue where URLs can redirect users to untrusted external sites. This can be leveraged to conduct phishing attacks by misleading users to malicious websites. The CVSS 3.1 base score is 4.7, indicating medium severity, with network attack vector, low attack complexity, no privileges required, user interaction required, scope changed, and low confidentiality impact. No patch or vendor advisory is currently available to confirm remediation status.

The primary impact is the potential for phishing attacks due to the open redirect vulnerability. Attackers can exploit this to redirect users to malicious sites, potentially leading to credential theft or other social engineering attacks. There is no indication of direct compromise of confidentiality, integrity, or availability of the affected system itself. No known exploits have been reported in the wild.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is released, users should be cautious about URLs generated by or involving the affected plugin and consider implementing additional controls such as URL validation or user awareness to mitigate phishing risks.