WP Gravity Forms Keap/Infusionsoft Security & Risk Analysis

wordpress.org/plugins/gf-infusionsoft

The Gravity Forms Keap/Infusionsoft Add-on sends Gravity Forms entries to the Infusionsoft/Keap CRM.

300 active installs · v1.2.7 · PHP 5.3+ · WP 3.8+ · Updated Feb 24, 2026
gravity-forms, gravity-forms-infusionsoft, gravity-forms-infusionsoft-by-keap, infusionsoft-gravity-forms-integration, keap
Score 96 · A · Safe
CVEs total: 3
Unpatched: 0
Last CVE: Sep 22, 2025
Safety Verdict

Is WP Gravity Forms Keap/Infusionsoft Safe to Use in 2026?

Generally Safe

Score 96/100

WP Gravity Forms Keap/Infusionsoft has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Sep 22, 2025 · Updated 1mo ago
Risk Assessment

The gf-infusionsoft plugin v1.2.7 exhibits a mixed security posture. While it demonstrates good practices in areas like SQL prepared statements and capability checks, significant concerns arise from its attack surface and taint analysis results. The presence of an unprotected AJAX handler is a critical weakness, as it provides an entry point for unauthenticated attackers. The taint analysis reveals one high-severity flow with unsanitized data, which could potentially lead to various injection attacks if exploited. The plugin's vulnerability history, with three past CVEs including high and medium severity issues like 'Open Redirect', 'Deserialization of Untrusted Data', and 'Cross-site Scripting', indicates a pattern of past security oversights. Although no CVEs are currently unpatched, this history suggests a need for ongoing vigilance and robust security development practices. The plugin's strengths in using prepared statements and capability checks are commendable, but the unprotected AJAX handler and high-severity taint flow overshadow these positive aspects, demanding immediate attention.

Key Concerns

  • Unprotected AJAX handler present
  • High severity taint flow with unsanitized paths
  • Past high severity CVEs detected
  • Past medium severity CVEs detected
  • Significant amount of SQL queries
  • Some outputs not properly escaped
Vulnerabilities
3

WP Gravity Forms Keap/Infusionsoft Security Vulnerabilities

CVEs by Year

1 CVE in 2021
2 CVEs in 2025

Severity Breakdown

High: 1
Medium: 2

3 total CVEs

CVE-2025-58006 · medium · 4.3 · URL Redirection to Untrusted Site ('Open Redirect')

WP Gravity Forms Keap/Infusionsoft <= 1.2.6 - Open Redirect

Sep 22, 2025 · Patched in 1.2.7 (158d)

CVE-2025-58636 · high · 8.1 · Deserialization of Untrusted Data

Gravity Forms Keap/Infusionsoft <= 1.2.3 - Unauthenticated PHP Object Injection

Aug 8, 2025 · Patched in 1.2.4 (97d)

WF-cc1e9778-2860-4e3c-a2e4-28f10d585fed-gf-infusionsoft · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CRM Perks - Various Plugins (Various Versions) - Reflected Cross-Site Scripting

Aug 26, 2021 · Patched in 1.1.5 (880d)
Code Analysis
Analyzed Mar 16, 2026

WP Gravity Forms Keap/Infusionsoft Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 8 (17 prepared)
Unescaped Output: 122 (406 escaped)
Nonce Checks: 20
Capability Checks: 29
File Operations: 3
External Requests: 3
Bundled Libraries: 1

Bundled Libraries

Select2

SQL Query Safety

68% prepared · 25 total queries

Output Escaping

77% escaped · 528 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

3 flows · 3 with unsanitized paths
push_object (api\api.php:796)
Attack Surface
1 unprotected

WP Gravity Forms Keap/Infusionsoft Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers: 1

auth wp_ajax_vxg_infusion_review_dismiss (wp\crmperks-notices.php:19)
WordPress Hooks: 34

action plugins_loaded (gf-infusionsoft.php:60)
action admin_notices (gf-infusionsoft.php:75)
action gform_entry_created (gf-infusionsoft.php:102)
action gform_post_add_entry (gf-infusionsoft.php:104)
action gform_post_payment_completed (gf-infusionsoft.php:108)
action gform_after_submission (gf-infusionsoft.php:110)
action gform_post_add_subscription_payment (gf-infusionsoft.php:111)
filter gform_confirmation (gf-infusionsoft.php:114)
action init (gf-infusionsoft.php:117)
action gform_entry_detail_content_after (includes\crmperks-gf.php:11)
filter gform_tooltips (includes\edit-form.php:14)
action gform_editor_js (includes\edit-form.php:15)
action gform_field_standard_settings (includes\edit-form.php:16)
action admin_head (includes\edit-form.php:17)
filter gform_admin_pre_render (includes\edit-form.php:25)
filter gform_pre_render (includes\edit-form.php:26)
filter gform_tooltips (includes\plugin-pages.php:35)
filter gform_logging_supported (includes\plugin-pages.php:40)
action gform_form_settings_menu (includes\plugin-pages.php:41)
filter admin_menu (includes\plugin-pages.php:43)
action gform_post_note_added (includes\plugin-pages.php:45)
action gform_pre_note_deleted (includes\plugin-pages.php:46)
action gform_update_status (includes\plugin-pages.php:49)
action gform_after_update_entry (includes\plugin-pages.php:51)
action gform_entry_detail_sidebar_middle (includes\plugin-pages.php:52)
action gform_entry_info (includes\plugin-pages.php:53)
action admin_notices (includes\plugin-pages.php:55)
filter plugin_action_links (includes\plugin-pages.php:56)
action add_section_vxg_infusionsoft (wp\crmperks-notices.php:14)
action add_section_mapping_vxg_infusionsoft (wp\crmperks-notices.php:15)
filter plugin_row_meta (wp\crmperks-notices.php:16)
filter admin_footer_text (wp\crmperks-notices.php:22)
filter menu_links_vxg_infusionsoft (wp\crmperks-notices.php:23)
filter tab_contents_vxg_infusionsoft (wp\crmperks-notices.php:24)
Maintenance & Trust

WP Gravity Forms Keap/Infusionsoft Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 24, 2026
PHP min version: 5.3
Downloads: 21K

Community Trust

Rating: 98/100
Number of ratings: 38
Active installs: 300
Developer Profile

WP Gravity Forms Keap/Infusionsoft Developer Profile

CRM Perks

32 plugins · 105K total installs

Trust score: 76
Avg Security Score: 96/100
Avg Patch Time: 349 days
Detection Fingerprints

How We Detect WP Gravity Forms Keap/Infusionsoft

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/gf-infusionsoft/includes/plugin-pages.php
/wp-content/plugins/gf-infusionsoft/includes/crmperks-gf.php
/wp-content/plugins/gf-infusionsoft/includes/edit-form.php
/wp-content/plugins/gf-infusionsoft/pro/add-ons.php
/wp-content/plugins/gf-infusionsoft/wp/crmperks-notices.php
/wp-content/plugins/gf-infusionsoft/includes/install.php
Version Parameters
gf-infusionsoft/style.css?ver=
gf-infusionsoft/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
vx_notice
vx_msg
HTML Comments
<!-- exp -->
<!-- Install Gravity Forms Notice (plugin row) -->
<!-- admin_screen_message function. -->
<!-- Gravity forms status -->
+2 more
Data Attributes
data-id
JS Globals
vxg_infusionsoft
vxcf_plugin_api
FAQ

Frequently Asked Questions about WP Gravity Forms Keap/Infusionsoft