Add-On for Discord and Gravity Forms Security & Risk Analysis
wordpress.org/plugins/gf-discordAutomatically send Gravity Form entries to a Discord channel.
Is Add-On for Discord and Gravity Forms Safe to Use in 2026?
Generally Safe
Score 100/100Add-On for Discord and Gravity Forms has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "gf-discord" plugin v1.3.0 exhibits a generally strong security posture with several good practices in place. The static analysis reveals a small attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events. Furthermore, all SQL queries are properly prepared, and output escaping is nearly perfect. The lack of any recorded vulnerabilities, critical taint flows, or unpatched CVEs further reinforces this positive assessment, suggesting a well-maintained and secure codebase.
However, a critical concern is the presence of the `unserialize()` function. While the current static and taint analysis did not reveal any exploitable flows related to this function, it remains a significant risk vector. If user-controlled data is ever passed to `unserialize()` without proper validation and sanitization, it could lead to Remote Code Execution (RCE) vulnerabilities. The plugin's small attack surface and lack of historical vulnerabilities might lead to complacency, but this one function necessitates careful monitoring and potential mitigation strategies.
Key Concerns
- Presence of unserialize() without apparent sanitization
Add-On for Discord and Gravity Forms Security Vulnerabilities
Add-On for Discord and Gravity Forms Code Analysis
Dangerous Functions Found
Output Escaping
Data Flow Analysis
Add-On for Discord and Gravity Forms Attack Surface
WordPress Hooks 3
Maintenance & Trust
Add-On for Discord and Gravity Forms Maintenance & Trust
Maintenance Signals
Community Trust
Add-On for Discord and Gravity Forms Alternatives
Retrigger Notifications Gravity Forms
retrigger-notifications-gravity-forms
Resend Gravity Forms entry data to Zapier and Webhook feeds with one click -- no need to resubmit the form.
Add-On for Microsoft Teams and Gravity Forms
gf-msteams
Automatically send Gravity Form entries to a Microsoft Teams channel.
Opayo Form Payment Gateway for Gravity Forms
sagepay-form-payment-gateway-for-gravity-forms
Opayo Server Gateway for accepting payments on your Gravity Forms Store.
GF Forms LeadsBridge Add-On
gf-forms-leadsbridge-add-on
Sends Gravity Forms forms submissions directly to your LeadsBridge bridge and automate your marketing campaigns!
Webhook Signature add-on for Gravity Forms
gf-webhook-signature
Add a signature HTTP header to webhook requests to prevent man-in-the-middle and replay attacks.
Add-On for Discord and Gravity Forms Developer Profile
12 plugins · 2K total installs
How We Detect Add-On for Discord and Gravity Forms
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/gf-discord/assets/css/gf-discord-backend.css/wp-content/plugins/gf-discord/assets/css/gf-discord-frontend.css/wp-content/plugins/gf-discord/assets/js/gf-discord-backend.js/wp-content/plugins/gf-discord/assets/js/gf-discord-frontend.jsgf-discord/style.css?ver=gf-discord/script.js?ver=HTML / DOM Fingerprints
gf-discord-settings-sectiongf-discord-discord-fieldgf-discord-channel-fieldgf-discord-message-template-fieldgf-discord-webhook-url-fieldgf-discord-username-fieldgf-discord-avatar-url-fieldgf-discord-embed-title-field+17 moredata-gf-discord-webhook-urldata-gf-discord-discord-iddata-gf-discord-channel-iddata-gf-discord-message-templatedata-gf-discord-usernamedata-gf-discord-avatar-url+15 moregf_discord_backend_paramsgf_discord_frontend_params