WP Gravity Forms Insightly Security & Risk Analysis

wordpress.org/plugins/gf-insightly

Gravity Forms Insightly Add-on sends Gravity Forms entries to Insightly.

60 active installs · v1.1.7 · PHP 5.3+ · WP 3.8+ · Updated Dec 22, 2025
Tags: gravity-forms, gravity-forms-insightly, insightly, insightly-gravity-forms, insightly-gravity-forms-integration
97
A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Aug 9, 2025
Safety Verdict

Is WP Gravity Forms Insightly Safe to Use in 2026?

Generally Safe

Score 97/100

WP Gravity Forms Insightly has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Aug 9, 2025 · Updated 3mo ago
Risk Assessment

The "gf-insightly" plugin v1.1.7 exhibits a mixed security posture. While it demonstrates good practices in SQL query preparation and output escaping, several significant concerns warrant attention. The presence of one unprotected AJAX handler is a critical entry point that attackers could exploit. The use of the `unserialize` function, coupled with a taint flow identified as high severity involving unsanitized paths, strongly suggests a risk of deserialization vulnerabilities. Although there are no currently unpatched CVEs, the plugin's history reveals past high and medium severity vulnerabilities, specifically related to deserialization and Cross-Site Scripting. This pattern indicates a recurring weakness that requires careful ongoing monitoring and prompt patching of any future vulnerabilities. The plugin has strengths in its implementation of nonce and capability checks, but the identified unprotected entry point and the potential for deserialization issues significantly elevate its risk profile.

Key Concerns

  • Unprotected AJAX handler
  • High severity taint flow: unsanitized path
  • Use of dangerous function: unserialize
  • Past high severity vulnerability history
  • Past medium severity vulnerability history
Vulnerabilities
2

WP Gravity Forms Insightly Security Vulnerabilities

CVEs by Year

2021: 1 CVE
2025: 1 CVE

Severity Breakdown

High: 1
Medium: 1

2 total CVEs

CVE-2025-60090 · high · 8.1 · Deserialization of Untrusted Data

Gravity Forms Insightly <= 1.1.6 - Unauthenticated PHP Object Injection

Aug 9, 2025 Patched in 1.1.7 (152d)

WF-cc1e9778-2860-4e3c-a2e4-28f10d585fed-gf-insightly · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CRM Perks - Various Plugins (Various Versions) - Reflected Cross-Site Scripting

Aug 26, 2021 Patched in 1.0.7 (880d)
Code Analysis
Analyzed Mar 16, 2026

WP Gravity Forms Insightly Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 8 (17 prepared)
Unescaped Output: 105 (400 escaped)
Nonce Checks: 20
Capability Checks: 29
File Operations: 3
External Requests: 3
Bundled Libraries: 1

Dangerous Functions Found

unserialize · `$value=unserialize($value, array('allowed_classes' => false));` · gf-insightly.php:492

Bundled Libraries

Select2

SQL Query Safety

68% prepared · 25 total queries

Output Escaping

79% escaped · 505 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

1 flow · 1 with unsanitized paths
<plugin-pages> (includes\plugin-pages.php:0)
Attack Surface
1 unprotected

WP Gravity Forms Insightly Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers: 1

auth · wp_ajax_vxg_insightly_review_dismiss · wp\crmperks-notices.php:19

WordPress Hooks: 33

action · plugins_loaded · gf-insightly.php:60
action · admin_notices · gf-insightly.php:76
action · gform_entry_created · gf-insightly.php:103
action · gform_post_add_entry · gf-insightly.php:105
action · gform_post_payment_completed · gf-insightly.php:108
action · gform_after_submission · gf-insightly.php:110
filter · gform_confirmation · gf-insightly.php:113
action · init · gf-insightly.php:116
action · gform_entry_detail_content_after · includes\crmperks-gf.php:11
filter · gform_tooltips · includes\edit-form.php:14
action · gform_editor_js · includes\edit-form.php:15
action · gform_field_standard_settings · includes\edit-form.php:16
action · admin_head · includes\edit-form.php:17
filter · gform_admin_pre_render · includes\edit-form.php:25
filter · gform_pre_render · includes\edit-form.php:26
filter · gform_tooltips · includes\plugin-pages.php:35
filter · gform_logging_supported · includes\plugin-pages.php:39
action · gform_form_settings_menu · includes\plugin-pages.php:40
filter · admin_menu · includes\plugin-pages.php:42
action · gform_post_note_added · includes\plugin-pages.php:44
action · gform_pre_note_deleted · includes\plugin-pages.php:45
action · gform_update_status · includes\plugin-pages.php:48
action · gform_after_update_entry · includes\plugin-pages.php:50
action · gform_entry_detail_sidebar_middle · includes\plugin-pages.php:51
action · gform_entry_info · includes\plugin-pages.php:52
action · admin_notices · includes\plugin-pages.php:54
filter · plugin_action_links · includes\plugin-pages.php:55
action · add_section_vxg_insightly · wp\crmperks-notices.php:14
action · add_section_mapping_vxg_insightly · wp\crmperks-notices.php:15
filter · plugin_row_meta · wp\crmperks-notices.php:16
filter · admin_footer_text · wp\crmperks-notices.php:22
filter · menu_links_vxg_insightly · wp\crmperks-notices.php:23
filter · tab_contents_vxg_insightly · wp\crmperks-notices.php:24

Maintenance & Trust

WP Gravity Forms Insightly Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 22, 2025
PHP min version: 5.3
Downloads: 4K

Community Trust

Rating: 100/100
Number of ratings: 9
Active installs: 60

Developer Profile

WP Gravity Forms Insightly Developer Profile

CRM Perks

32 plugins · 105K total installs

Trust score: 76
Avg Security Score: 96/100
Avg Patch Time: 349 days
Detection Fingerprints

How We Detect WP Gravity Forms Insightly

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/gf-insightly/assets/css/style.css
/wp-content/plugins/gf-insightly/assets/js/script.js
Script Paths
/wp-content/plugins/gf-insightly/assets/js/script.js
Version Parameters
gf-insightly/assets/css/style.css?ver=
gf-insightly/assets/js/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
vx_notice, vx_msg
Data Attributes
data-id
JS Globals
vxg_insightly, vxcf_plugin_api