Gravity Forms

High 7.2

2026-05-02< 2.10.1

CVE-2026-5112

High 7.2

2026-05-02< 2.10.1

CVE-2026-5113

High 7.2

2026-05-02< 2.10.1

CVE-2026-5110

High 7.2

2026-05-02< 2.10.1

CVE-2026-5111

N/A

2026-03-10< 2.9.29

Gravity Forms <= 2.9.28.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Form Title

Wordfence CVE

Medium 4.7

2026-04-08< 2.9.31

Gravity Forms <= 2.9.30 - Reflected Cross-Site Scripting via 'form_ids' Parameter

EUVD Wordfence CVE

Medium 6.1

2026-04-08< 2.9.31

Gravity Forms <= 2.9.30 - Unauthenticated Stored Cross-Site Scripting via Credit Card 'Card Type' Sub-Field

EUVD Wordfence CVE

Medium 6.8

2025-12-24< 2.9.23.1

CVE-2025-13407

High 8.1

2025-11-18< 2.9.22

CVE-2025-12974

Critical 9.8

2025-11-07< 2.9.21

CVE-2025-12352

Medium 5.4

2025-01-17< 2.9.2

CVE-2024-13378

High 7.2

2025-01-17< 2.9.2

CVE-2024-13377

CVE Wordfence Patchstack

N/A

2023-10-13< 2.0.7

WordPress Gravity Forms Plugin <= 2.0.6.5 is vulnerable to Cross Site Scripting (XSS)

N/A

2023-06-17< 1.8.20

WordPress Gravity Forms Plugin <= 1.8.19 is vulnerable to Local File Inclusion

N/A

2023-03-01< 1.9.16

WordPress Gravity Forms Plugin <= 1.9.15.11 is vulnerable to Cross Site Scripting (XSS)

N/A

2023-04-20< 1.9.7

WordPress Gravity Forms Plugin <= 1.9.6 is vulnerable to Cross Site Scripting (XSS)

N/A

2023-03-17< 1.9.3.6

WordPress Gravity Forms Plugin <= 1.9.3.5 is vulnerable to SQL Injection

CVE Patchstack Wordfence WPScan

Medium 6.1

2023-07-17< 2.7.5

CVE-2023-2701

High 8.3

2023-12-20< 2.7.4

CVE-2023-28782

CVE Patchstack Wordfence WPScan

N/A

< 1.8.20

Gravity Forms <= 1.8.19 - Arbitrary File Upload

N/A

< 1.9.3.6

Gravity Forms 1.8 <= 1.9.3.5 - Authenticated Blind SQL Injection

N/A

< 1.9.7

Gravity Forms <= 1.9.6 - Cross-Site Scripting (XSS)

N/A

< 1.9.16

Gravity Forms <= 1.9.15.11 - Authenticated Reflected Cross-Site Scripting (XSS)

N/A

< 2.0.7

Gravity Forms <= 2.0.6.5 - Authenticated Blind Cross-Site Scripting (XSS)

N/A

2015-02-26< 1.8.20

Gravityforms <= 1.8.19 - Arbitrary File Upload

N/A

2015-03-17≥ 1.8 and ≤ 1.9.3.5

Gravityforms <= 1.9.3.5 - SQL Injection

Wordfence CVE

N/A

2015-04-20< 1.9.7

Gravityforms <= 1.9.6 - Cross-Site Scripting

N/A

2016-03-01< 1.9.16

Gravityforms <= 1.9.15.11 - Cross-Site Scripting

N/A

2016-09-07< 2.0.7

Gravity Forms <= 2.0.6.5 - Cross-Site Scripting