Does Import Excel to Gravity Forms have any unpatched vulnerabilities?

No. All known vulnerabilities in Import Excel to Gravity Forms have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Import Excel to Gravity Forms compatible with WordPress 6.7.5?

According to WordPress.org data, Import Excel to Gravity Forms 3.20 has been tested up to WordPress 6.7.5. Check the plugin's changelog for the latest compatibility information.

Is Import Excel to Gravity Forms compatible with PHP 5.4+?

Import Excel to Gravity Forms requires PHP 5.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Import Excel to Gravity Forms updated?

Import Excel to Gravity Forms was last updated on Dec 23, 2024. Frequent updates are generally a positive security signal.

What is Import Excel to Gravity Forms's security score?

Import Excel to Gravity Forms has a WP-Safety security score of 90/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Import Excel to Gravity Forms Security & Risk Analysis

wordpress.org/plugins/gf-excel-import

Bulk Import of Records from Excel (CSV) files for "Gravity Forms" with Validation and Internal Logic support.

100 active installs v3.20 PHP 5.4+ WP 4.7+ Updated Dec 23, 2024

csvexcelformsgravityformsimport

A · Safe

CVEs total1

Unpatched0

Last CVEJan 20, 2025

Plugin page Download

Safety Verdict

Is Import Excel to Gravity Forms Safe to Use in 2026?

Generally Safe

Score 90/100

Import Excel to Gravity Forms has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Jan 20, 2025Updated 1yr ago

Risk Assessment

The "gf-excel-import" plugin v3.20 exhibits a mixed security posture. On the positive side, the code demonstrates good practices by utilizing prepared statements for all SQL queries and ensuring all identified outputs are properly escaped. Furthermore, there are no file operations, external HTTP requests, or bundled libraries to worry about, and the taint analysis found no critical or high severity issues. The presence of nonce checks and a capability check also suggests an attempt at securing entry points.

However, the most significant concern arises from the static analysis, which reveals two AJAX handlers that completely lack authentication checks. This creates a substantial attack surface with unprotected entry points. While the vulnerability history shows one past high-severity vulnerability (Cross-site Scripting), it is marked as patched. Nevertheless, the existence of past high-severity vulnerabilities, especially XSS, coupled with the current lack of authentication on AJAX handlers, warrants caution. The plugin has demonstrated a past weakness in input validation that could be exacerbated by unprotected entry points. In conclusion, while the plugin has some strong security fundamentals in place, the unprotected AJAX handlers represent a clear and present risk that needs immediate attention.

Key Concerns

AJAX handlers without auth checks
Past high severity vulnerability (XSS)

Vulnerabilities

Import Excel to Gravity Forms Security Vulnerabilities

CVEs by Year

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

High

1 total CVE

CVE-2025-24629high · 7.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Import Excel to Gravity Forms <= 1.18 - Reflected Cross-Site Scripting

Jan 20, 2025 Patched in 1.18.1 (33d)

Code Analysis

Analyzed Mar 16, 2026

Import Excel to Gravity Forms Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

50 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped50 total outputs

Data Flows

All sanitized

Data Flow Analysis

1 flows

<options> (includes\admin\options.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

2 unprotected

Import Excel to Gravity Forms Attack Surface

Entry Points2

Unprotected2

AJAX Handlers 2

authwp_ajax_gfxl_importgf-excel-import.php:31

noprivwp_ajax_gfxl_importgf-excel-import.php:32

WordPress Hooks 7

actionplugins_loadedgf-excel-import.php:36

actionadmin_enqueue_scriptsincludes\admin\admin.php:10

filtergform_noconflict_stylesincludes\admin\admin.php:24

actionadmin_menuincludes\admin\admin.php:32

filtergform_form_settingsincludes\admin\admin.php:45

filtergform_pre_form_settings_saveincludes\admin\admin.php:78

actiongform_enqueue_scriptsincludes\loader.php:10

Maintenance & Trust

Import Excel to Gravity Forms Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5

Last updatedDec 23, 2024

PHP min version5.4

Downloads3K

Community Trust

Rating0/100

Number of ratings0

Active installs100

Alternatives

Import Excel to Gravity Forms Alternatives

GravityExport Lite for Gravity Forms

gf-entries-in-excel

100

Export all Gravity Forms entries to Excel (.xlsx) or CSV via a download button or a secret shareable URL.

10K No CVEs

CSV Importer

csv-importer

100

Import posts from CSV files into WordPress.

4K 1 CVE

Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light

excel-like-price-change-for-woocommerce-and-wp-e-commerce-light

Spreadsheet Price Changer for WooCommerce and WP E-commerce - Light

500 5 unpatched

CSV Importer Improved

csv-importer-improved

Import posts from CSV files into WordPress.

100 1 unpatched

Entries Importing for Gravity Forms

entries-importing-for-gravity-forms

Entries Importing for Gravity Forms

100 No CVEs

Developer Profile

Import Excel to Gravity Forms Developer Profile

wpgear

15 plugins · 2K total installs

trust score

Avg Security Score

97/100

Avg Patch Time

33 days

View full developer profile

Detection Fingerprints

How We Detect Import Excel to Gravity Forms

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/gf-excel-import/includes/admin/admin-style.css/wp-content/plugins/gf-excel-import/includes/import_records.js/wp-content/plugins/gf-excel-import/style.css

Script Paths

/wp-content/plugins/gf-excel-import/includes/import_records.js

HTML / DOM Fingerprints

CSS Classes

gf_tooltiptooltiptooltip_form_form_button_gfxl_import

HTML Comments

<!--
 * WPGear. 
 * Import Excel to Gravity Forms
 * admin.php
 -->

<!--
 * WPGear. 
 * Import Excel to Gravity Forms
 * loader.php
 -->

<!--
 * WPGear. 
 * Import Excel to Gravity Forms
 * admin.php
 -->

<!-- В старших версиях GF изменен формат Всплывающих Подсказок. Поэтому, делаем универсальный вариант. Без изысков. -->

+12 more

Data Attributes

title='Bulk Import of Records from Excel (CSV) files with Validation and Internal Logic support.'

JS Globals

window.GFXLImport_Params

FAQ

Import Excel to Gravity Forms Security & Risk Analysis

Is Import Excel to Gravity Forms Safe to Use in 2026?

Generally Safe

Key Concerns

Import Excel to Gravity Forms Security Vulnerabilities

CVEs by Year

Severity Breakdown

Import Excel to Gravity Forms Code Analysis

Output Escaping

Data Flow Analysis

Import Excel to Gravity Forms Attack Surface

AJAX Handlers 2

Import Excel to Gravity Forms Maintenance & Trust

Maintenance Signals

Community Trust

Import Excel to Gravity Forms Alternatives

GravityExport Lite for Gravity Forms

CSV Importer

Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light

CSV Importer Improved

Entries Importing for Gravity Forms

Import Excel to Gravity Forms Developer Profile

How We Detect Import Excel to Gravity Forms

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Import Excel to Gravity Forms