Does PHP Code Keeper for Gravity Forms have any unpatched vulnerabilities?

No. All known vulnerabilities in PHP Code Keeper for Gravity Forms have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is PHP Code Keeper for Gravity Forms compatible with WordPress 6.7.5?

According to WordPress.org data, PHP Code Keeper for Gravity Forms 3.1 has been tested up to WordPress 6.7.5. Check the plugin's changelog for the latest compatibility information.

Is PHP Code Keeper for Gravity Forms compatible with PHP 7.4+?

PHP Code Keeper for Gravity Forms requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is PHP Code Keeper for Gravity Forms updated?

PHP Code Keeper for Gravity Forms was last updated on Jan 23, 2025. Frequent updates are generally a positive security signal.

What is PHP Code Keeper for Gravity Forms's security score?

PHP Code Keeper for Gravity Forms has a WP-Safety security score of 92/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

PHP Code Keeper for Gravity Forms Security & Risk Analysis

wordpress.org/plugins/custom-code-keeper

Provides a reliable and consistent way to create, store, edit, and load custom form-related PHP code on your site.

20 active installs v3.1 PHP 7.4+ WP 5.6+ Updated Jan 23, 2025

codedevelopergravityphp

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is PHP Code Keeper for Gravity Forms Safe to Use in 2026?

Generally Safe

Score 92/100

PHP Code Keeper for Gravity Forms has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago

Risk Assessment

The "custom-code-keeper" v3.1 plugin exhibits a generally good security posture, with a complete absence of known CVEs and a robust use of prepared statements for SQL queries. The presence of nonce and capability checks on its AJAX endpoints, along with the lack of exposed REST API routes and shortcodes, significantly reduces its attack surface. However, concerns arise from the taint analysis, which identified three flows with unsanitized paths. While these did not escalate to critical or high severity, they represent potential pathways for malicious input if not handled carefully, especially in conjunction with the identified file operations.

The plugin's history of zero vulnerabilities further strengthens its perceived security. This lack of past issues suggests a commitment to secure development practices. However, the presence of unsanitized paths in the taint analysis, despite the absence of critical severity, warrants attention. The 59% output escaping rate, while not alarming, also leaves room for improvement to ensure all dynamic content is properly sanitized before rendering.

In conclusion, "custom-code-keeper" v3.1 is a relatively secure plugin, benefiting from strong authentication checks on its entry points and a clean vulnerability history. The primary area for improvement lies in thoroughly sanitizing all input paths, especially those involved in file operations, and ensuring all output is consistently escaped to prevent potential cross-site scripting vulnerabilities. Addressing these points would further enhance its security.

Key Concerns

Unsanitized paths in taint analysis
Output escaping at 59%

Vulnerabilities

None known

PHP Code Keeper for Gravity Forms Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

PHP Code Keeper for Gravity Forms Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

26 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

59% escaped44 total outputs

Data Flows

3 unsanitized

Data Flow Analysis

4 flows3 with unsanitized paths

ajax_save_file (class-gh-cck.php:444)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

PHP Code Keeper for Gravity Forms Attack Surface

Entry Points4

Unprotected0

AJAX Handlers 4

authwp_ajax_create_form_fileclass-gh-cck.php:77

authwp_ajax_create_prefixed_fileclass-gh-cck.php:78

authwp_ajax_save_fileclass-gh-cck.php:79

authwp_ajax_delete_fileclass-gh-cck.php:80

WordPress Hooks 18

actionadmin_initclass-gh-cck.php:60

actionwp_after_admin_bar_renderclass-gh-cck.php:65

filtergform_form_settings_menuclass-gh-cck.php:67

actiongform_form_settings_page_gravityhopper_cckclass-gh-cck.php:69

actionforms_page_gravityhopper_cckclass-gh-cck.php:70

actionadmin_enqueue_scriptsclass-gh-cck.php:71

actiongform_after_save_formclass-gh-cck.php:73

actiongform_post_form_duplicatedclass-gh-cck.php:74

actiongform_forms_post_importclass-gh-cck.php:75

actiongform_after_delete_formclass-gh-cck.php:76

filtergform_export_menuclass-gh-cck.php:82

actiongform_export_page_export_gravityhopper_cckclass-gh-cck.php:83

filtergravityhopper-ks/keyboard_shortcutsclass-gh-cck.php:85

filtergform_system_reportfiles\gravityhopper-custom-code-keeper-loader.php:2

actioninitfiles\gravityhopper-custom-code-keeper-loader.php:68

filterplugin_action_linksfiles\gravityhopper-custom-code-keeper-loader.php:137

actionadmin_initfiles\gravityhopper-custom-code-keeper-loader.php:164

actiongform_loadedgravityhopper-custom-code-keeper.php:33

Maintenance & Trust

PHP Code Keeper for Gravity Forms Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5

Last updatedJan 23, 2025

PHP min version7.4

Downloads3K

Community Trust

Rating0/100

Number of ratings0

Active installs20

Alternatives

PHP Code Keeper for Gravity Forms Alternatives

WPCode – Insert Headers and Footers + Custom Code Snippets – WordPress Code Manager

insert-headers-and-footers

Easily add code snippets in WordPress. Insert header & footer scripts, add PHP code snippets with conditional logic, insert ads pixel code, and more.

3.0M 3 CVEs

Code Snippets

code-snippets

An easy, clean and simple way to enhance your site with code snippets.

1.0M 7 CVEs

Header Footer Code Manager

header-footer-code-manager

Easily add tracking code snippets, conversion pixels, or other scripts required by third party services for analytics, marketing, or chat features.

600K 4 CVEs

Insert PHP Code Snippet

insert-php-code-snippet

Add PHP code to your pages and posts easily using shortcodes.

100K 3 CVEs

Woody Code Snippets – Insert PHP, CSS, JS, and Header/Footer Scripts

insert-php

Insert PHP, JavaScript, CSS, HTML, ads, and tracking code into WordPress headers, footers, pages, and content using conditional logic, without editing …

60K 7 CVEs

Developer Profile

PHP Code Keeper for Gravity Forms Developer Profile

uamv

3 plugins · 3K total installs

trust score

Avg Security Score

92/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect PHP Code Keeper for Gravity Forms

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/gravityhopper-custom-code-keeper/gh-cck.css/wp-content/plugins/gravityhopper-custom-code-keeper/gh-cck.js

Script Paths

/wp-content/plugins/gravityhopper-custom-code-keeper/gh-cck.js

Version Parameters

gravityhopper-custom-code-keeper/gh-cck.css?ver=gravityhopper-custom-code-keeper/gh-cck.js?ver=

HTML / DOM Fingerprints

CSS Classes

gh-cck-codemirror-wrappergh-cck-editorgh-cck-field-labelgh-cck-footergh-cck-headergh-cck-main-contentgh-cck-preview-wrappergh-cck-settings-toolbar+3 more

HTML Comments

+4 more

Data Attributes

data-gh-cck-editor-iddata-gh-cck-field-keydata-gh-cck-form-id

JS Globals

window.GH_CCK

REST Endpoints

/wp-json/gravityhopper-cck/v1/files

FAQ