WordPress GravityView plugin <= 3.0.0 - Insecure Direct Object References (IDOR) vulnerability

Description

A vulnerability, which was classified as problematic, has been found in GravityKit GravityView Plugin up to 3.0.0 on WordPress. Affected by this vulnerability is an unknown functionality. Performing a manipulation results in authorization bypass.

Affected Products

Vendor	Product	Versions
gravity forms	gravityview	n/a

References

https://patchstack.com/database/wordpress/plugin/gravityview/vulnerability/wordpress-gravityview-plugin-3-0-0-insecure-direct-object-references-idor-vulnerability?_s_id=cve(vdb-entry)

Related News (1 articles)

Tier C

VulDB1d ago

CVE-2026-57665 | GravityKit GravityView Plugin up to 3.0.0 on WordPress authorization

→ No new info (linked only)

CVSS 3.15.3 MEDIUM

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-639

PublishedJun 26, 2026

Last enriched1d agov2

Trending Score44

Source articles1

Independent1

Info Completeness8/14

Missing: epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

Version History

Last enriched 1d ago

v2Tier C1d ago

Updated description with more technical detail, marked exploit availability as false, and noted that the vulnerability is actively exploited.

descriptionactivelyExploited

via VulDB

v11d ago

Initial creation

WordPress GravityView plugin <= 3.0.0 - Insecure Direct Object References (IDOR) vulnerability

Description

Affected Products

References

Related News (1 articles)

Community Vote

Related CVEs (1)

Pin to Dashboard

Verification

Vulnerability Timeline

Version History