CVE-2025-60180: Deserialization of Untrusted Data in CRM Perks WP Gravity Forms Salesforce
Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Salesforce (gf-salesforce-crmperks) allows Object Injection. This issue affects WP Gravity Forms Salesforce: from n/a through <= 1.5.1.
AI Analysis
Technical Summary
CVE-2025-60180 is a critical vulnerability identified in the CRM Perks WP Gravity Forms Salesforce plugin, specifically affecting versions up to and including 1.5.1. The vulnerability arises from unsafe deserialization of untrusted data, which enables an attacker to perform object injection attacks. Object injection in PHP-based applications like WordPress plugins can lead to remote code execution, privilege escalation, or data manipulation by injecting malicious serialized objects that the application unserializes without proper validation. This vulnerability is remotely exploitable over the network without requiring authentication or user interaction, as indicated by the CVSS vector (AV:N/AC:L/PR:N/UI:N). The impact covers confidentiality, integrity, and availability, making it a critical threat. The plugin integrates Salesforce CRM data with WordPress Gravity Forms, a popular form management solution, which means exploitation could compromise sensitive customer data and disrupt business processes. Although no public exploits are reported yet, the high CVSS score (9.8) reflects the severity and ease of exploitation. The vulnerability was reserved in late September 2025 and published in December 2025, but no patch links are currently available, indicating that mitigation options may be limited until an official update is released. Organizations using this plugin should consider immediate risk mitigation steps to prevent exploitation.
Potential Impact
For European organizations, the impact of CVE-2025-60180 is substantial. Many enterprises and SMEs use WordPress for their websites and integrate Salesforce CRM via plugins like WP Gravity Forms Salesforce to manage customer data and automate workflows. Exploitation of this vulnerability could lead to unauthorized access to sensitive customer information, including personal data protected under GDPR, resulting in regulatory fines and reputational damage. Attackers could execute arbitrary code on web servers, leading to website defacement, data theft, or ransomware deployment, severely disrupting business operations. The availability of services relying on Salesforce integrations could be compromised, affecting sales, marketing, and customer support functions. The critical nature of this vulnerability means that even organizations without direct Salesforce exposure but using the plugin are at risk. Additionally, the cross-border nature of cloud and web services in Europe means that attacks could propagate quickly across multiple countries, amplifying the impact.
Mitigation Recommendations
Given the absence of an official patch at the time of this report, European organizations should implement immediate mitigations to reduce risk. First, restrict network access to the WordPress administration and plugin endpoints, ideally limiting access to trusted IP addresses or VPNs. Employ Web Application Firewalls (WAFs) with custom rules to detect and block suspicious serialized object payloads or unusual POST requests targeting the plugin. Disable or remove the WP Gravity Forms Salesforce plugin if it is not essential, or replace it with alternative, secure integration methods. Monitor logs for signs of exploitation attempts, such as unexpected serialized data or anomalous form submissions. Ensure that WordPress core and all other plugins are up to date to reduce the attack surface. Prepare for rapid deployment of the official patch once released by CRM Perks. Conduct internal audits of Salesforce integration points to verify no unauthorized changes or data exfiltration have occurred. Finally, educate IT and security teams about the risks of deserialization vulnerabilities and the importance of secure coding practices in plugin development.
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain
Technical Details
- Data Version: 5.2
- Assigner Short Name: Patchstack
- Date Reserved: 2025-09-25T15:28:27.829Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 6943b04f4eb3efac36700876
Added to database: 12/18/2025, 7:42:07 AM
Last enriched: 1/20/2026, 9:44:14 PM
Last updated: 2/4/2026, 6:06:26 PM
Views: 40