Gravity Forms — Vulnerabilities & Security Advisories (13)

Browse all 13 CVE security advisories affecting Gravity Forms. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by Gravity Forms: Gravity Forms, Gravity Forms WebHooks

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-5110 | Gravity Forms <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting via Single Product Field Inside Repeater — Gravity Forms, CWE-79 | 7.2 | High | 2026-05-02 |
| CVE-2026-5111 | Gravity Forms <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting via Hidden Product Field in Repeater — Gravity Forms, CWE-79 | 7.2 | High | 2026-05-02 |
| CVE-2026-5112 | Gravity Forms <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting via Calculation Product Field in Repeater — Gravity Forms, CWE-79 | 7.2 | High | 2026-05-02 |
| CVE-2026-5109 | Gravity Forms <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting via Product Option — Gravity Forms, CWE-79 | 7.2 | High | 2026-05-02 |
| CVE-2026-5113 | Gravity Forms <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting via Consent Field Hidden Input — Gravity Forms, CWE-79 | 7.2 | High | 2026-05-02 |
| CVE-2026-4406 | Gravity Forms <= 2.9.30 - Reflected Cross-Site Scripting via 'form_ids' Parameter — Gravity Forms, CWE-79 | 4.7 | Medium | 2026-04-07 |
| CVE-2026-4394 | Gravity Forms <= 2.9.30 - Unauthenticated Stored Cross-Site Scripting via Credit Card 'Card Type' Sub-Field — Gravity Forms, CWE-79 | 6.1 | Medium | 2026-04-07 |
| CVE-2026-3492 | Gravity Forms <= 2.9.28.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Form Title — Gravity Forms, CWE-79 | 6.4 | Medium | 2026-03-11 |
| CVE-2025-12974 | Gravity Forms <= 2.9.21.1 - Unauthenticated Arbitrary File Upload via Legacy Chunked Upload — Gravity Forms, CWE-434 | 8.1 | High | 2025-11-18 |
| CVE-2025-12352 | Gravity Forms <= 2.9.20 - Unauthenticated Arbitrary File Upload via 'copy_post_image' — Gravity Forms, CWE-434 | 9.8 | Critical | 2025-11-07 |
| CVE-2024-13845 | Gravity Forms WebHooks <= 1.6.0 - Authenticated (Admin+) Server-Side Request Forgery via Webhook — Gravity Forms WebHooks, CWE-918 | 5.5 | Medium | 2025-05-01 |
| CVE-2024-13378 | GravityForms 2.9.0.1 - 2.9.1.3 - Unauthenticated Stored Cross-Site Scripting via 'style_settings' parameter — Gravity Forms, CWE-79 | 5.4 | Medium | 2025-01-17 |
| CVE-2024-13377 | GravityForms <= 2.9.1.3 - Unauthenticated Stored Cross-Site Scripting via 'alt' parameter — Gravity Forms, CWE-79 | 7.2 | High | 2025-01-17 |

This page lists every published CVE security advisory associated with Gravity Forms. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.