CVE-2025-31533: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability was identified in Salesmate.io's Salesmate Add-On for Gravity Forms, affecting versions through 2.0.3. The vulnerability was discovered by Trương Hữu Phúc and was officially assigned CVE-2025-31533 on March 31, 2025. This security issue involves functionality that is not properly constrained by Access Control Lists (ACLs) (Patchstack).

The vulnerability is classified as a Broken Access Control issue (CWE-862) and has been assigned a CVSS v3.1 Base Score of 5.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L. The issue stems from missing authorization checks, authentication, or nonce token verification in certain functions, potentially allowing unprivileged users to execute higher privileged actions (Patchstack).

The vulnerability has been assessed with a low severity impact and is considered unlikely to be exploited. The CVSS score of 5.3 indicates a moderate level of risk, primarily affecting the availability of the system rather than confidentiality or integrity (Patchstack).

As of the disclosure date, no official fix has been made available for this vulnerability. Given the low severity impact, virtual patching has been deemed unnecessary (Patchstack).