CVE-2025-4659: 
WordPress vulnerability analysis and mitigation

The Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin for WordPress contains a Full Path Disclosure vulnerability (CVE-2025-4659) affecting all versions up to and including 1.4.4. This vulnerability was discovered and disclosed on May 29, 2025 (NVD, Wordfence).

The vulnerability has been assigned a CVSS v3.1 base score of 5.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. The weakness is categorized as CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor). The vulnerability allows unauthenticated attackers to retrieve the full path of the web application (NVD).

The vulnerability allows attackers to obtain the full path of the web application. While this information alone is not directly harmful, it can be leveraged to aid other attacks. The disclosed path information requires another vulnerability to be present for any potential damage to the affected website (NVD).

The vulnerability has been patched in version 1.4.5 of the plugin. Users are advised to update to this version to mitigate the vulnerability (WordPress Plugin Repository).