Exposure of Gravity Forms

Form builders, WordPress plugins
Exposure score: 52
Sites use: 103,408
Exploited: 0
Critical: 2

CVEs

15 results
| CVE | Severity | Description | EPSS |
| --- | --- | --- | --- |
| CVE-2025-12352 | CRITICAL | Gravity Forms <= 2.9.20 - Unauthenticated Arbitrary File Upload via 'copy_post_image' | 0.7% |
| CVE-2023-28782 | HIGH | WordPress Gravity Forms Plugin <= 2.7.3 is vulnerable to PHP Object Injection | 0.6% |
| CVE-2025-12974 | HIGH | Gravity Forms <= 2.9.21.1 - Unauthenticated Arbitrary File Upload via Legacy Chunked Upload | 0.6% |
| CVE-2026-48866 | CRITICAL | WordPress Gravity Forms plugin <= 2.10.0.1 - Arbitrary File Deletion vulnerability | 0.5% |
| CVE-2026-4406 | MEDIUM | Gravity Forms <= 2.9.30 - Reflected Cross-Site Scripting via 'form_ids' Parameter | 0.4% |
| CVE-2025-13407 | MEDIUM | GravityForms < 2.9.23.1 - Unauthenticated Arbitrary File Upload | 0.3% |
| CVE-2024-13377 | HIGH | GravityForms <= 2.9.1.3 - Unauthenticated Stored Cross-Site Scripting via 'alt' parameter | 0.3% |
| CVE-2026-4394 | MEDIUM | Gravity Forms <= 2.9.30 - Unauthenticated Stored Cross-Site Scripting via Credit Card 'Card Type' Sub-Field | 0.3% |
| CVE-2024-13378 | MEDIUM | GravityForms 2.9.0.1 - 2.9.1.3 - Unauthenticated Stored Cross-Site Scripting via 'style_settings' parameter | 0.3% |
| CVE-2026-5111 | HIGH | Gravity Forms <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting via Hidden Product Field in Repeater | 0.3% |
| CVE-2026-5110 | HIGH | Gravity Forms <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting via Single Product Field Inside Repeater | 0.2% |
| CVE-2026-5109 | HIGH | Gravity Forms <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting via Product Option | 0.2% |
| CVE-2026-5113 | HIGH | Gravity Forms <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting via Consent Field Hidden Input | 0.2% |
| CVE-2026-5112 | HIGH | Gravity Forms <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting via Calculation Product Field in Repeater | 0.2% |
| CVE-2026-3492 | MEDIUM | Gravity Forms <= 2.9.28.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Form Title | 0.2% |
