Gravity Forms Patches Vulnerability in WordPress Plugin

May 31, 2023

Gravity Forms has released a patch for a PHP Object Injection vulnerability.

The Gravity Forms plugin is a tool that website owners can use to create custom forms for transactions involving site visitors, such as payment forms, registration forms, file upload forms, and others.

The Vulnerability

  • CVE-2023-28782 (CVSS 3.1: 8.3, High) – Unauthenticated PHP Object Injection vulnerability. Successful exploitation could lead to arbitrary file access and modification, user/member data exfiltration, and code execution.

Affected Products

Gravity Forms plugin: versions 2.73 and prior.

Mitigation

CYREBRO recommends updating to the latest plugin version as soon as possible.

References: Patchstack