Input validation vulnerability in Gravity Forms 1.9.3.5

The Gravity Forms plugin for WordPress is vulnerable in versions up to and including 1.9.3.5. Authenticated attackers can append their own SQL to an existing query and use it to extract private information from the database. This is possible because the plugin does not escape user-supplied input and does not properly prepare the existing SQL query.

Detected in:

Gravity Forms fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com, an open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
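
A check of an installed plugin version against a range written in this notation, added here as an example (it is not code from wpvulnerability.com or Gravity Forms). It compares dotted segments numerically, so 2.2.9 sorts below 2.2.21, and assumes purely numeric versions; all function names are hypothetical.

```python
import re

# One clause of a range expression: an operator followed by a dotted version.
_CLAUSE = re.compile(r"(>=|<=|>|<|=)\s*(\d+(?:\.\d+)*)")


def parse_version(text):
    """Turn '1.9.3.5' into (1, 9, 3, 5) so segments compare numerically."""
    return tuple(int(part) for part in text.strip().split("."))


def _pad(a, b):
    """Right-pad the shorter tuple with zeros so 1.9 equals 1.9.0."""
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)), b + (0,) * (width - len(b))


_OPS = {
    ">=": lambda a, b: a >= b,
    "<=": lambda a, b: a <= b,
    ">": lambda a, b: a > b,
    "<": lambda a, b: a < b,
    "=": lambda a, b: a == b,
}


def parse_range(expr):
    """Parse '>= 2.2.8 <= 2.2.21' into [('>=', (2, 2, 8)), ('<=', (2, 2, 21))]."""
    clauses = [(op, parse_version(ver)) for op, ver in _CLAUSE.findall(expr)]
    # Reject anything the clause pattern did not consume, rather than guessing.
    if not clauses or _CLAUSE.sub("", expr).strip():
        raise ValueError(f"unrecognised version range: {expr!r}")
    return clauses


def is_affected(installed, expr):
    """True when the installed version satisfies every clause of the range."""
    version = parse_version(installed)
    return all(_OPS[op](*_pad(version, bound)) for op, bound in parse_range(expr))


if __name__ == "__main__":
    # Constructed sample versions; the first range is the one explained above.
    for installed in ("2.2.7", "2.2.8", "2.2.9", "2.2.21", "2.2.22"):
        print(installed, is_affected(installed, ">= 2.2.8 <= 2.2.21"))
    # '<= 1.9.3.5' restates "up to and including 1.9.3.5" in this notation.
    print("1.9.3.5", is_affected("1.9.3.5", "<= 1.9.3.5"))
```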
