Plugin vulnerable to PHP Object Injection

  • joevil1984

    (@joevil1984)


    3 months ago

    Hi,

    I wanted to bring to your attention that a PHP Object Injection vulnerability has been reported for your plugin “Connector for Gravity Forms and Google Sheets”.

    Details:

    • Vulnerability Type: PHP Object Injection
    • Detected On: August 8, 2025
    • Affected Versions: ≤ 1.2.5
    • Current Status: No fix or update package available

    This issue was flagged by a website security scanner, which recommends addressing the vulnerability as soon as possible to prevent potential exploitation.

    Could you please confirm if there’s an upcoming patch or workaround available to mitigate this risk?

    Thank you for your attention to this matter.

    Best regards,
    Joevil

    Patchstack Report Reference:

    https://patchstack.com/database/wordpress/plugin/wp-gravity-forms-spreadsheets/vulnerability/wordpress-connector-for-gravity-forms-and-google-sheets-plugin-1-2-5-php-object-injection-vulnerability
    • This topic was modified 3 months ago by joevil1984.
    • This topic was modified 3 months ago by Yui.
Viewing 2 replies - 1 through 2 (of 2 total)
  • CRM Perks Support

    (@crmperkshelp)

    3 months ago

    we have fixed it about 2 months ago , we have many plugins for Gravity forms , code is same in all , you can verify it

    patchstack reported same vulnerablity in all plugins , marked it as fixed in other plugins but did not mark this plugin fixed

    can you please confirm this to patchstack , ask them for POC

    Thread Starter joevil1984

    (@joevil1984)

    3 months ago

    Thank you for the update. I can confirm that the issue has been resolved on our end.

Viewing 2 replies - 1 through 2 (of 2 total)

You must be logged in to reply to this review.