WP-Safety

WP Gravity Forms Dynamics CRM Security & Risk Analysis

wordpress.org/plugins/gf-dynamics-crm

Gravity Forms Dynamics CRM Add-on sends Gravity Forms entries to Dynamics CRM Online.

200 active installs v1.1.6 PHP 5.3+ WP 3.8+ Updated Dec 15, 2025
dynamics-crmdynamics-crm-gravity-forms-integrationgravity-formsgravity-forms-dynamics-crmgravity-forms-dynamics-crm-addon
98
A · Safe
CVEs total2
Unpatched0
Last CVEMay 7, 2025
Plugin page Download
Safety Verdict

Is WP Gravity Forms Dynamics CRM Safe to Use in 2026?

Generally Safe

Score 98/100

WP Gravity Forms Dynamics CRM has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: May 7, 2025Updated 3mo ago
Risk Assessment

The gf-dynamics-crm v1.1.6 plugin exhibits a mixed security posture. While it demonstrates good practices in several areas, including a significant number of nonce and capability checks, and a respectable percentage of SQL prepared statements and output escaping, critical security concerns are present. The static analysis reveals a concerning single unprotected AJAX handler, which represents a direct entry point for potential attacks. Furthermore, the taint analysis indicates a flow with unsanitized paths classified as high severity, suggesting a potential vulnerability that could be exploited if not properly addressed. The plugin's vulnerability history shows two past medium-severity issues, one related to open redirects and the other to cross-site scripting. While currently no vulnerabilities are unpatched, this history, combined with the current code signals, suggests a pattern of past weaknesses that require diligent attention. The presence of an unprotected AJAX handler and a high-severity unsanitized taint flow are particularly noteworthy risks that need immediate investigation and remediation, despite the plugin's otherwise decent security hygiene in certain aspects.

Key Concerns

  • Unprotected AJAX handler
  • High severity taint flow with unsanitized path
  • Past medium severity vulnerabilities (2 total)
Vulnerabilities
2

WP Gravity Forms Dynamics CRM Security Vulnerabilities

CVEs by Year

1 CVE in 2021
2021
1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
2

2 total CVEs

CVE-2025-47454medium · 6.1URL Redirection to Untrusted Site ('Open Redirect')

WP Gravity Forms Dynamics CRM <= 1.1.4 - Open Redirect

May 7, 2025 Patched in 1.1.5 (7d)
WF-cc1e9778-2860-4e3c-a2e4-28f10d585fed-gf-dynamics-crmmedium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CRM Perks - Various Plugins (Various Versions) - Reflected Cross-Site Scripting

Aug 26, 2021 Patched in 1.0.8 (880d)
Code Analysis
Analyzed Mar 16, 2026

WP Gravity Forms Dynamics CRM Code Analysis

Dangerous Functions
0
Raw SQL Queries
8
17 prepared
Unescaped Output
112
302 escaped
Nonce Checks
20
Capability Checks
30
File Operations
2
External Requests
2
Bundled Libraries
1

Bundled Libraries

Select2

SQL Query Safety

68% prepared25 total queries

Output Escaping

73% escaped414 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

2 flows1 with unsanitized paths
setup_plugin (includes\plugin-pages.php:890)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

WP Gravity Forms Dynamics CRM Attack Surface

Entry Points1
Unprotected1

AJAX Handlers 1

authwp_ajax_vxg_infusion_review_dismisswp\crmperks-notices.php:19
WordPress Hooks 33
actionplugins_loadedgf-dynamics-crm.php:54
actiongform_entry_createdgf-dynamics-crm.php:91
actiongform_post_add_entrygf-dynamics-crm.php:93
actiongform_post_payment_completedgf-dynamics-crm.php:96
actiongform_after_submissiongf-dynamics-crm.php:98
filtergform_confirmationgf-dynamics-crm.php:101
actionadmin_noticesgf-dynamics-crm.php:108
actioninitgf-dynamics-crm.php:112
actiongform_entry_detail_content_afterincludes\crmperks-gf.php:11
filtergform_tooltipsincludes\edit-form.php:14
actiongform_editor_jsincludes\edit-form.php:15
actiongform_field_standard_settingsincludes\edit-form.php:16
actionadmin_headincludes\edit-form.php:17
filtergform_admin_pre_renderincludes\edit-form.php:25
filtergform_pre_renderincludes\edit-form.php:26
filtergform_tooltipsincludes\plugin-pages.php:28
filtergform_logging_supportedincludes\plugin-pages.php:32
actiongform_form_settings_menuincludes\plugin-pages.php:33
filteradmin_menuincludes\plugin-pages.php:35
actiongform_post_note_addedincludes\plugin-pages.php:37
actiongform_pre_note_deletedincludes\plugin-pages.php:38
actiongform_update_statusincludes\plugin-pages.php:41
actiongform_after_update_entryincludes\plugin-pages.php:43
actiongform_entry_detail_sidebar_middleincludes\plugin-pages.php:44
actiongform_entry_infoincludes\plugin-pages.php:45
actionadmin_noticesincludes\plugin-pages.php:47
filterplugin_action_linksincludes\plugin-pages.php:48
actionadd_section_vxg_dynamicswp\crmperks-notices.php:14
actionadd_section_mapping_vxg_dynamicswp\crmperks-notices.php:15
filterplugin_row_metawp\crmperks-notices.php:16
filteradmin_footer_textwp\crmperks-notices.php:22
filtermenu_links_vxg_dynamicswp\crmperks-notices.php:23
filtertab_contents_vxg_dynamicswp\crmperks-notices.php:24
Maintenance & Trust

WP Gravity Forms Dynamics CRM Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 15, 2025
PHP min version5.3
Downloads11K

Community Trust

Rating96/100
Number of ratings19
Active installs200
Alternatives

WP Gravity Forms Dynamics CRM Alternatives

Gravity Forms Zero Spam

Gravity Forms Zero Spam

gravity-forms-zero-spam

A
100

Enhance your Gravity Forms to include anti-spam measures originally based on the work of David Walsh's "Zero Spam" technique.

100K No CVEs
Gravity Booster – Styles & Layouts for Gravity Forms

Gravity Booster – Styles & Layouts for Gravity Forms

styles-and-layouts-for-gravity-forms

A
100

Gravity Booster - Styles and Layouts for Gravity Forms plugin lets you design and style Gravity Forms without CSS coding. You can also use it for addi &hellip;

40K No CVEs
Advanced Custom Fields: Gravity Forms Add-on

Advanced Custom Fields: Gravity Forms Add-on

acf-gravityforms-add-on

A
100

Provides an Advanced Custom Field which allows a WordPress user to select a Gravity Form as part of a field group configuration.

30K No CVEs
Event Tracking for Gravity Forms

Event Tracking for Gravity Forms

gravity-forms-google-analytics-event-tracking

A
92

Easily add event tracking using Gravity Forms and your Google Analytics or Google Tag Manager account. Supports Google Analytics v3 and Gravity Forms &hellip;

20K No CVEs
Gravity PDF

Gravity PDF

gravity-forms-pdf-extended

A
100

Automatically generate, email and download PDF documents from Gravity Forms entries

20K 1 CVE
Developer Profile

WP Gravity Forms Dynamics CRM Developer Profile

CRM Perks

32 plugins · 105K total installs

76
trust score
Avg Security Score
96/100
Avg Patch Time
349 days
View full developer profile
Detection Fingerprints

How We Detect WP Gravity Forms Dynamics CRM

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/gf-dynamics-crm/assets/css/gs-gf-dynamics.css/wp-content/plugins/gf-dynamics-crm/assets/js/gs-gf-dynamics.js/wp-content/plugins/gf-dynamics-crm/assets/js/gs-gf-dynamics-new.js
Version Parameters
gf-dynamics-crm/assets/css/gs-gf-dynamics.css?ver=gf-dynamics-crm/assets/js/gs-gf-dynamics.js?ver=gf-dynamics-crm/assets/js/gs-gf-dynamics-new.js?ver=

HTML / DOM Fingerprints

CSS Classes
gs_gf_dynamics_contentgs_gf_dynamics_popupgs_gf_dynamics_popup_contentgs_gf_dynamics_loadinggs_gf_dynamics_main_wrapper
HTML Comments
<!-- gs_gf_dynamics_popup --><!-- gs_gf_dynamics_popup_content --><!-- gs_gf_dynamics_loading --><!-- gs_gf_dynamics_main_wrapper -->
Data Attributes
data-id='gs_gf_dynamics_id'data-id='gs_gf_dynamics_action'
JS Globals
gs_gf_dynamics_params
FAQ

Frequently Asked Questions about WP Gravity Forms Dynamics CRM