BSK Forms Validation Security & Risk Analysis

wordpress.org/plugins/bsk-gravity-forms-custom-validation

This plugin helps you to validate user input and let users submit correct data on Gravity Forms, Formidable Forms. You can apply the defined users to …

100 active installs · v1.9 · PHP 7.0+ · WP 4.0+ · Updated Dec 15, 2025
custom-validation · formidable-forms · gravity-forms
99 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Nov 20, 2024
Safety Verdict

Is BSK Forms Validation Safe to Use in 2026?

Generally Safe

Score 99/100

BSK Forms Validation has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Nov 20, 2024 · Updated 3mo ago
Risk Assessment

The bsk-gravity-forms-custom-validation v1.9 plugin presents a mixed security posture. It shows attention to security through a significant number of nonce and capability checks and a high percentage of SQL queries using prepared statements, but several areas warrant attention. The use of the dangerous function 'unserialize' is a notable concern, as improper handling of serialized data can lead to remote code execution vulnerabilities. The taint analysis also revealed flows with unsanitized paths, although none were classified as critical or high severity. The plugin's vulnerability history includes a past medium-severity Cross-Site Scripting (XSS) vulnerability, which has since been patched; vulnerabilities have been addressed, but the potential for input validation issues remains.

Overall, the plugin has strong foundational security practices in place, particularly regarding input handling for database operations and authorization. However, the inherent risks associated with 'unserialize' and the unsanitized paths identified in the taint analysis mean the plugin cannot be assessed as fully secure. The past XSS vulnerability is also a reminder to stay vigilant about output sanitization and input validation at all entry points. Addressing the use of 'unserialize' and investigating the taint flow findings further would significantly improve the plugin's security.

Key Concerns

  • Use of dangerous function 'unserialize'
  • Taint flows with unsanitized paths found
  • Past medium severity XSS vulnerability
  • Low percentage of output properly escaped
Vulnerabilities
1

BSK Forms Validation Security Vulnerabilities

CVEs by Year

1 CVE in 2024

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-24545 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BSK Forms Validation <= 1.7 - Reflected Cross-Site Scripting

Nov 20, 2024 Patched in 1.8 (98d)
Code Analysis
Analyzed Mar 16, 2026

BSK Forms Validation Code Analysis

Dangerous Functions: 2
Raw SQL Queries: 7 (38 prepared)
Unescaped Output: 99 (81 escaped)
Nonce Checks: 9
Capability Checks: 4
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

unserialize · $rule_saved = unserialize( $item->value ); · classes\dashboard\items.php:148
unserialize · $rule_saved_settings = unserialize( $rule_saved_settings_obj->value ); · classes\validation\common.php:34

SQL Query Safety

84% prepared · 45 total queries

Output Escaping

45% escaped · 180 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

9 flows · 4 with unsanitized paths
display (classes\dashboard\dashboard-settings.php:10)
Attack Surface

BSK Forms Validation Attack Surface

Entry Points: 1
Unprotected: 0

AJAX Handlers 1

auth · wp_ajax_bsk_gfcv_get_rule_html_settings_by_slug · classes\rules\rules.php:10
WordPress Hooks 32
action · admin_enqueue_scripts · bsk-gravityforms-cv.php:102
action · wp_enqueue_scripts · bsk-gravityforms-cv.php:103
action · init · bsk-gravityforms-cv.php:104
action · plugins_loaded · bsk-gravityforms-cv.php:106
action · bsk_gfcv_save_general_settings · classes\dashboard\dashboard-settings.php:6
action · bsk_gfcv_save_block_data_settings · classes\dashboard\dashboard-settings.php:7
action · admin_menu · classes\dashboard\dashboard.php:46
action · gform_after_delete_form · classes\dashboard\dashboard.php:47
action · frm_after_field_options · classes\dashboard\formidable-forms\form-field.php:7
filter · frm_default_field_opts · classes\dashboard\formidable-forms\form-field.php:8
filter · frm_add_form_settings_section · classes\dashboard\formidable-forms\form-settings.php:10
filter · frm_form_options_before_update · classes\dashboard\formidable-forms\form-settings.php:11
filter · gform_admin_pre_render · classes\dashboard\gravityforms\form-field.php:10
action · gform_field_advanced_settings · classes\dashboard\gravityforms\form-field.php:11
action · gform_editor_js · classes\dashboard\gravityforms\form-field.php:12
filter · gform_tooltips · classes\dashboard\gravityforms\form-field.php:14
filter · gform_form_settings_menu · classes\dashboard\gravityforms\form-settings.php:9
action · gform_form_settings_page_bsk_gfcv_form_settings · classes\dashboard\gravityforms\form-settings.php:11
action · bsk_gfcv_save_cv_list · classes\dashboard\list.php:9
action · bsk_gfcv_save_rule · classes\dashboard\list.php:10
action · bsk_gfcv_delete_rule · classes\dashboard\list.php:11
action · bsk_gfcv_delete_cv_list_by_id · classes\dashboard\list.php:12
action · bsk_gfcv_duplicate_list · classes\dashboard\list.php:13
action · admin_notices · classes\dashboard\list.php:170
action · admin_notices · classes\dashboard\list.php:299
action · admin_notices · classes\dashboard\list.php:320
action · admin_notices · classes\dashboard\list.php:356
action · admin_notices · classes\dashboard\list.php:370
action · admin_notices · classes\dashboard\list.php:384
action · admin_notices · classes\dashboard\list.php:403
filter · frm_validate_entry · classes\validation\formidable-forms.php:15
filter · gform_validation · classes\validation\gravityforms.php:12
Maintenance & Trust

BSK Forms Validation Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 15, 2025
PHP min version: 7.0
Downloads: 4K

Community Trust

Rating: 60/100
Number of ratings: 2
Active installs: 100
Developer Profile

BSK Forms Validation Developer Profile

bannersky

3 plugins · 8K total installs

Trust score: 75
Avg Security Score: 94/100
Avg Patch Time: 701 days
Detection Fingerprints

How We Detect BSK Forms Validation

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/bsk-gravity-forms-custom-validation/images/ajax-loader.gif
/wp-content/plugins/bsk-gravity-forms-custom-validation/images/delete-2.png
Script Paths
/wp-content/plugins/bsk-gravity-forms-custom-validation/js/bsk-gfcv-admin.js
Version Parameters
bsk-gravity-forms-custom-validation/js/bsk-gfcv-admin.js?ver=
bsk-gravity-forms-custom-validation/css/bsk-gfcv-admin.css?ver=

HTML / DOM Fingerprints

JS Globals
BSK_GFCV_DIR
BSK_GFCV_URL
bsk_gfcv_ajax_loader
bsk_gfcv_delete_country_code_icon_url