
Compromised WordPress Gravity Forms


Service Advisory 


Description:
Gravity Forms is an easy-to-use WordPress forms builder with over 1 million active installations. For a limited time, and only via specific download methods, two Gravity Forms core plugin packages (2.9.11.1 and 2.9.12) offered for manual download were compromised by an external agent who made unauthorized code modifications. The attacker inserted malicious code into the plugin packages that blocks update attempts, contacts an external server to download additional payloads, and attempts to create a new administrator account, opening a backdoor for further exploitation.

 

Affected Versions:

  • Gravity Forms 2.9.11.1 (manually downloaded on July 9-10, 2025)
  • Gravity Forms 2.9.12 (manually downloaded on July 10, 2025)


Impact:

Successful exploitation allows full control of the affected WordPress site.

 

Resolution:

Update immediately to Gravity Forms 2.9.13 or later.
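The following triage helper ties the description, affected-version list and resolution above together: it reads the plugin's version header, classifies it against the two trojanized packages and the fixed release, and lists administrator accounts registered during the days the compromised packages were served. It is an added example, not code from Gravity Forms or York UIT; the plugin header format and the user export shape are assumptions, and the sample inputs are constructed.

```python
import re
from datetime import date

# Values below are taken from the advisory text.
AFFECTED_VERSIONS = {"2.9.11.1", "2.9.12"}
FIXED_VERSION = (2, 9, 13)
WINDOW = (date(2025, 7, 9), date(2025, 7, 10))

# Constructed sample of a plugin header block (assumes the standard WordPress
# "Version:" header in the plugin's main PHP file).
SAMPLE_HEADER = """<?php
/*
Plugin Name: Gravity Forms
Version: 2.9.12
*/
"""

# Constructed sample user export: (login, role, registration date).
SAMPLE_USERS = [
    ("siteowner", "administrator", date(2024, 3, 2)),
    ("editor1", "editor", date(2025, 7, 10)),
    ("support_tmp", "administrator", date(2025, 7, 10)),
]

def plugin_version(header_text):
    """Return the Version header value, or None if no header is present."""
    m = re.search(r"^\s*\*?\s*Version:\s*([0-9][0-9.]*)", header_text, re.M)
    return m.group(1) if m else None

def version_tuple(v):
    """Turn '2.9.11.1' into (2, 9, 11, 1) so versions compare numerically."""
    return tuple(int(p) for p in v.split("."))

def classify(v):
    """'affected' for the two trojanized packages, 'outdated' below 2.9.13, else 'ok'."""
    if v in AFFECTED_VERSIONS:
        return "affected"
    return "outdated" if version_tuple(v) < FIXED_VERSION else "ok"

def suspicious_admins(users):
    """Administrator accounts registered inside the incident window; review each one."""
    return [login for login, role, reg in users
            if role == "administrator" and WINDOW[0] <= reg <= WINDOW[1]]

if __name__ == "__main__":
    v = plugin_version(SAMPLE_HEADER)
    print(f"Gravity Forms {v}: {classify(v)}")
    print("admin accounts created in the incident window:", suspicious_admins(SAMPLE_USERS))
```

An "affected" result means the installed package itself may be trojanized, so updating alone is not enough: the added administrator account and any downloaded payloads also need to be removed.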

Reference:

https://wpscan.com/vulnerability/95cf3f20-912a-4da5-950a-c774db147de4/

https://www.gravityforms.com/blog/security-incident-notice/

https://patchstack.com/articles/critical-malware-found-in-gravityforms-official-plugin-site/

https://www.bleepingcomputer.com/news/security/wordpress-gravity-forms-developer-hacked-to-push-backdoored-plugins/

 



UIT Information Security

Contact

IT Client Services at askIT@yorku.ca or 416 736 5800

This email was sent by: York University, 4700 Keele Street, Toronto, Ontario M3J 1P3