Advanced Custom Fields: Gravity Forms Add-on Security & Risk Analysis

wordpress.org/plugins/acf-gravityforms-add-on

Provides an Advanced Custom Field which allows a WordPress user to select a Gravity Form as part of a field group configuration.

30K active installs · v1.3.10 · PHP + WP 4.6+ · Updated Dec 2, 2025
Tags: acf, advanced-custom-fields, form, gravity-forms, sayhellogmbh

Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Advanced Custom Fields: Gravity Forms Add-on Safe to Use in 2026?

Generally Safe

Score 100/100

Advanced Custom Fields: Gravity Forms Add-on has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 4mo ago
Risk Assessment

The "acf-gravityforms-add-on" v1.3.10 plugin exhibits a generally good security posture based on the provided static analysis. The complete absence of AJAX handlers, REST API routes, shortcodes, and cron events with or without authentication checks significantly limits the potential attack surface. Furthermore, the code signals indicate no dangerous functions, file operations, external HTTP requests, or bundled libraries, and all SQL queries utilize prepared statements. This suggests a well-written and secure codebase from these perspectives.

However, a significant concern arises from the output escaping analysis. With 8 total outputs and none of them properly escaped, the analysis indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities: any dynamic data displayed to users without proper escaping can be exploited by attackers to inject malicious scripts. The lack of nonce and capability checks does not directly indicate a vulnerability, given the zero entry points, but it does mean that if entry points were introduced in a future version, or if one was overlooked by the analysis, these crucial security layers would be missing.

The vulnerability history is also a strong positive point, with zero known CVEs recorded across all severity levels. This suggests a history of responsible development and prompt patching, or a lack of past exploitable issues. In conclusion, while the plugin benefits from a minimal attack surface and secure data handling practices for SQL and external requests, the unescaped output represents a critical weakness that needs immediate attention. The absence of historical vulnerabilities is encouraging, but the current code presents a clear risk.

Key Concerns

  • Output is not properly escaped
  • No nonce checks on potential entry points
  • No capability checks on potential entry points
Vulnerabilities
None known

Advanced Custom Fields: Gravity Forms Add-on Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Advanced Custom Fields: Gravity Forms Add-on Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 8 (0 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

0% escaped (8 total outputs)
Attack Surface

Advanced Custom Fields: Gravity Forms Add-on Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 6

Type    Hook                     Location
action  acf/include_field_types  resources\Init.php:17
action  acf/register_fields      resources\Init.php:18
action  admin_init               resources\Init.php:19
action  admin_init               resources\Init.php:20
action  admin_notices            resources\Notices.php:21
action  admin_notices            resources\Notices.php:22
Maintenance & Trust

Advanced Custom Fields: Gravity Forms Add-on Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.0
Last updated: Dec 2, 2025
PHP min version: (not listed)
Downloads: 552K

Community Trust

Rating: 84/100
Number of ratings: 14
Active installs: 30K
Developer Profile

Advanced Custom Fields: Gravity Forms Add-on Developer Profile

DannyvanHolten

4 plugins · 31K total installs

Trust score: 86
Avg Security Score: 89/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Advanced Custom Fields: Gravity Forms Add-on

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/acf-gravityforms-add-on/assets/css/acf-gf-field.css
/wp-content/plugins/acf-gravityforms-add-on/assets/js/acf-gf-field.js
Script Paths
/wp-content/plugins/acf-gravityforms-add-on/assets/js/acf-gf-field.js
Version Parameters
acf-gravityforms-add-on/assets/css/acf-gf-field.css?ver=
acf-gravityforms-add-on/assets/js/acf-gf-field.js?ver=

HTML / DOM Fingerprints

CSS Classes
acf-gf-field-settings
Data Attributes
data-acf-gf-form-id
JS Globals
acf_gravityforms_field_params
FAQ

Frequently Asked Questions about Advanced Custom Fields: Gravity Forms Add-on