WP Gravity Forms Zendesk Security & Risk Analysis

wordpress.org/plugins/gf-zendesk

Gravity Forms Zendesk Add-on sends Gravity Forms entries to Zendesk.

200 active installs · v1.1.4 · PHP 5.3+ · WP 3.8+ · Updated Dec 15, 2025
Tags: gravity-forms, gravity-forms-zendesk, zendesk, zendesk-gravity-forms, zendesk-gravity-forms-integration
Score: 98 (A · Safe)
CVEs total: 2
Unpatched: 0
Last CVE: May 7, 2025
Safety Verdict

Is WP Gravity Forms Zendesk Safe to Use in 2026?

Generally Safe

Score 98/100

WP Gravity Forms Zendesk has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: May 7, 2025 · Updated 3mo ago
Risk Assessment

The 'gf-zendesk' plugin v1.1.4 presents a mixed security posture. On the positive side, it uses prepared statements for most of its SQL queries and has a relatively high percentage of properly escaped output, indicating an effort towards secure coding practices. The plugin also includes a substantial number of nonce and capability checks, which are crucial for preventing unauthorized actions.

However, there are significant concerns stemming from the static analysis. The presence of an unprotected AJAX handler represents a critical attack vector, as it could be exploited by unauthenticated users. The taint analysis revealing a flow with unsanitized paths, even if not classified as critical or high severity in this specific instance, is a red flag that points to potential injection vulnerabilities. The history of two medium-severity vulnerabilities, specifically related to 'Open Redirect' and 'Cross-site Scripting', further amplifies these concerns, suggesting a recurring pattern of input sanitization and output encoding weaknesses in past versions.

While the plugin has no currently unpatched CVEs, the historical vulnerabilities and the identified unprotected entry point suggest that ongoing vigilance and careful review of new code are necessary. The plugin has strengths in its use of prepared statements and output escaping, but the unprotected AJAX handler and past vulnerability patterns warrant caution.

Key Concerns

  • Unprotected AJAX handler found
  • Taint flow with unsanitized path
  • 2 medium severity CVEs historically
Vulnerabilities: 2

WP Gravity Forms Zendesk Security Vulnerabilities

CVEs by Year

  • 2021: 1 CVE
  • 2025: 1 CVE

Severity Breakdown

  • Medium: 2

2 total CVEs

CVE-2025-47456 · medium · 6.1 · URL Redirection to Untrusted Site ('Open Redirect')

WP Gravity Forms Zendesk <= 1.1.2 - Open Redirect

May 7, 2025 · Patched in 1.1.3 (7d)

WF-cc1e9778-2860-4e3c-a2e4-28f10d585fed-gf-zendesk · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CRM Perks - Various Plugins (Various Versions) - Reflected Cross-Site Scripting

Aug 26, 2021 · Patched in 1.0.8 (880d)
Code Analysis
Analyzed Mar 16, 2026

WP Gravity Forms Zendesk Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 8 (17 prepared)
  • Unescaped Output: 104 (401 escaped)
  • Nonce Checks: 20
  • Capability Checks: 29
  • File Operations: 2
  • External Requests: 2
  • Bundled Libraries: 1

Bundled Libraries

Select2

SQL Query Safety

68% prepared · 25 total queries

Output Escaping

79% escaped · 505 total outputs
Data Flows: 1 unsanitized

Data Flow Analysis

1 flow · 1 with unsanitized paths
<plugin-pages> (includes\plugin-pages.php:0)
Attack Surface: 1 unprotected

WP Gravity Forms Zendesk Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers: 1

  • auth · wp_ajax_vxg_zendesk_review_dismiss · wp\crmperks-notices.php:18

WordPress Hooks: 34

  • action · plugins_loaded · gf-zendesk.php:61
  • action · admin_notices · gf-zendesk.php:76
  • action · gform_entry_created · gf-zendesk.php:104
  • action · gform_post_add_entry · gf-zendesk.php:106
  • action · gform_post_payment_completed · gf-zendesk.php:110
  • action · gform_after_submission · gf-zendesk.php:112
  • filter · gform_confirmation · gf-zendesk.php:116
  • filter · gform_custom_merge_tags · gf-zendesk.php:118
  • filter · gform_replace_merge_tags · gf-zendesk.php:119
  • action · init · gf-zendesk.php:122
  • action · gform_entry_detail_content_after · includes\crmperks-gf.php:11
  • filter · gform_tooltips · includes\edit-form.php:14
  • action · gform_editor_js · includes\edit-form.php:15
  • action · gform_field_standard_settings · includes\edit-form.php:16
  • action · admin_head · includes\edit-form.php:17
  • filter · gform_admin_pre_render · includes\edit-form.php:26
  • filter · gform_pre_render · includes\edit-form.php:27
  • filter · gform_tooltips · includes\plugin-pages.php:34
  • filter · gform_logging_supported · includes\plugin-pages.php:39
  • action · gform_form_settings_menu · includes\plugin-pages.php:40
  • filter · admin_menu · includes\plugin-pages.php:42
  • action · gform_post_note_added · includes\plugin-pages.php:44
  • action · gform_update_status · includes\plugin-pages.php:48
  • action · gform_after_update_entry · includes\plugin-pages.php:50
  • action · gform_entry_detail_sidebar_middle · includes\plugin-pages.php:51
  • action · gform_entry_info · includes\plugin-pages.php:52
  • action · admin_notices · includes\plugin-pages.php:54
  • filter · plugin_action_links · includes\plugin-pages.php:55
  • action · add_section_vxg_zendesk · wp\crmperks-notices.php:14
  • filter · plugin_row_meta · wp\crmperks-notices.php:15
  • action · add_section_mapping_vxg_zendesk · wp\crmperks-notices.php:19
  • filter · admin_footer_text · wp\crmperks-notices.php:22
  • filter · menu_links_vxg_zendesk · wp\crmperks-notices.php:23
  • filter · tab_contents_vxg_zendesk · wp\crmperks-notices.php:24
Maintenance & Trust

WP Gravity Forms Zendesk Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Dec 15, 2025
  • PHP min version: 5.3
  • Downloads: 15K

Community Trust

  • Rating: 100/100
  • Number of ratings: 7
  • Active installs: 200
Developer Profile

WP Gravity Forms Zendesk Developer Profile

CRM Perks

32 plugins · 105K total installs

  • Trust score: 76
  • Avg Security Score: 96/100
  • Avg Patch Time: 349 days
Detection Fingerprints

How We Detect WP Gravity Forms Zendesk

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/gf-zendesk/css/style.css
  • /wp-content/plugins/gf-zendesk/js/script.js
  • /wp-content/plugins/gf-zendesk/js/custom.js
  • /wp-content/plugins/gf-zendesk/pro/plugin-api.js
Script Paths
  • /wp-content/plugins/gf-zendesk/js/script.js
  • /wp-content/plugins/gf-zendesk/js/custom.js
Version Parameters
  • gf-zendesk/css/style.css?ver=
  • gf-zendesk/js/script.js?ver=
  • gf-zendesk/js/custom.js?ver=
  • gf-zendesk/pro/plugin-api.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • vx_notice
HTML Comments
  • <!-- exit if accessed directly -->
  • <!-- plugin starting point. will load appropriate files -->
  • <!-- install plugin -->
  • <!-- exit if accessed directly -->
  • +5 more
Data Attributes
  • data-id="gravity"
  • data-id="gravity"
JS Globals
  • window.vxg_zendesk_obj
FAQ

Frequently Asked Questions about WP Gravity Forms Zendesk