WP Gravity Forms Zoho CRM and Bigin Security & Risk Analysis

wordpress.org/plugins/gf-zoho

Gravity Forms Zoho CRM Add-On: sends Gravity Forms entries to Zoho CRM and Bigin.

500 active installs · v1.3.0 · PHP 5.3+ · WP 3.8+ · Updated Dec 22, 2025
Tags: zoho, zoho-extension, zoho-gravity-forms, zoho-leads, zoho-plugin
Score: 95 (A · Safe)
CVEs total: 3
Unpatched: 0
Last CVE: Oct 21, 2025
Safety Verdict

Is WP Gravity Forms Zoho CRM and Bigin Safe to Use in 2026?

Generally Safe

Score 95/100

WP Gravity Forms Zoho CRM and Bigin has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Oct 21, 2025 · Updated 3mo ago
Risk Assessment

The gf-zoho plugin v1.3.0 presents a mixed security posture. It shows a decent effort at implementing security measures, such as a substantial number of nonce and capability checks and a majority of SQL queries using prepared statements, but significant concerns remain. The single unprotected AJAX handler is a critical entry point that could be exploited if it is not properly secured. Furthermore, the taint analysis, which revealed a high-severity flow with an unsanitized path, indicates a potential vulnerability that could lead to serious security breaches. The plugin's vulnerability history, including past Open Redirect, Deserialization, and XSS issues, one of them of high severity, suggests a recurring pattern of weaknesses that requires diligent attention. While the current version has no unpatched CVEs, that history combined with the current code analysis findings calls for ongoing vigilance and robust security practices.

Key Concerns

  • Unprotected AJAX handler
  • Taint flow with unsanitized path (High severity)
  • Dangerous function: unserialize
  • Past high severity vulnerability
  • Bundled library (Select2)
Vulnerabilities (3)

WP Gravity Forms Zoho CRM and Bigin Security Vulnerabilities

CVEs by Year

2021: 1 CVE
2025: 2 CVEs

Severity Breakdown

High: 1
Medium: 2

3 total CVEs

CVE-2025-62981 · medium · 4.7 · URL Redirection to Untrusted Site ('Open Redirect')

WP Gravity Forms Zoho CRM and Bigin <= 1.2.8 - Open Redirect

Oct 21, 2025 · Patched in 1.2.9 (10d)

CVE-2025-60091 · high · 8.1 · Deserialization of Untrusted Data

Gravity Forms Zoho CRM and Bigin <= 1.2.9 - Unauthenticated PHP Object Injection

Aug 8, 2025 · Patched in 1.3.0 (153d)

WF-cc1e9778-2860-4e3c-a2e4-28f10d585fed-gf-zoho · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CRM Perks - Various Plugins (Various Versions) - Reflected Cross-Site Scripting

Aug 26, 2021 · Patched in 1.1.6 (880d)
Code Analysis
Analyzed Mar 16, 2026

WP Gravity Forms Zoho CRM and Bigin Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 8 (17 prepared)
Unescaped Output: 111 (411 escaped)
Nonce Checks: 20
Capability Checks: 29
File Operations: 2
External Requests: 2
Bundled Libraries: 1

Dangerous Functions Found

unserialize (gf-zoho.php:525): $v_temp=array(); $value=unserialize($value, array('allowed_classes' => false));

Bundled Libraries

Select2

SQL Query Safety

68% prepared (25 total queries)

Output Escaping

79% escaped (522 total outputs)

Data Flows (1 unsanitized)

Data Flow Analysis

2 flows, 1 with unsanitized paths
setup_plugin (includes\plugin-pages.php:909)
Attack Surface (1 unprotected)

WP Gravity Forms Zoho CRM and Bigin Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers (1)

auth · wp_ajax_vxg_zoho_review_dismiss · wp\crmperks-notices.php:18
WordPress Hooks (36)

action · plugins_loaded · gf-zoho.php:61
action · admin_notices · gf-zoho.php:76
action · gform_entry_created · gf-zoho.php:103
action · gform_post_add_entry · gf-zoho.php:105
action · gform_post_payment_completed · gf-zoho.php:109
action · gform_after_submission · gf-zoho.php:111
action · gform_post_add_subscription_payment · gf-zoho.php:112
filter · gform_confirmation · gf-zoho.php:114
filter · gform_custom_merge_tags · gf-zoho.php:115
filter · gform_replace_merge_tags · gf-zoho.php:116
action · init · gf-zoho.php:119
action · gform_entry_detail_content_after · includes\crmperks-gf.php:11
filter · gform_tooltips · includes\edit-form.php:14
action · gform_editor_js · includes\edit-form.php:15
action · gform_field_standard_settings · includes\edit-form.php:16
action · admin_head · includes\edit-form.php:17
filter · gform_admin_pre_render · includes\edit-form.php:25
filter · gform_pre_render · includes\edit-form.php:26
filter · gform_tooltips · includes\plugin-pages.php:35
filter · gform_logging_supported · includes\plugin-pages.php:40
action · gform_form_settings_menu · includes\plugin-pages.php:41
filter · admin_menu · includes\plugin-pages.php:43
action · gform_post_note_added · includes\plugin-pages.php:45
action · gform_pre_note_deleted · includes\plugin-pages.php:46
action · gform_update_status · includes\plugin-pages.php:49
action · gform_after_update_entry · includes\plugin-pages.php:51
action · gform_entry_detail_sidebar_middle · includes\plugin-pages.php:52
action · gform_entry_info · includes\plugin-pages.php:53
action · admin_notices · includes\plugin-pages.php:55
filter · plugin_action_links · includes\plugin-pages.php:56
action · add_section_vxg_zoho · wp\crmperks-notices.php:14
filter · plugin_row_meta · wp\crmperks-notices.php:15
action · vx_plugin_upgrade_notice_plugin_vxg_zoho · wp\crmperks-notices.php:19
filter · admin_footer_text · wp\crmperks-notices.php:22
filter · menu_links_vxg_zoho · wp\crmperks-notices.php:23
filter · tab_contents_vxg_zoho · wp\crmperks-notices.php:24
Maintenance & Trust

WP Gravity Forms Zoho CRM and Bigin Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 22, 2025
PHP min version: 5.3
Downloads: 18K

Community Trust

Rating: 100/100
Number of ratings: 24
Active installs: 500
Developer Profile

WP Gravity Forms Zoho CRM and Bigin Developer Profile

CRM Perks

32 plugins · 105K total installs

Trust score: 76
Avg Security Score: 96/100
Avg Patch Time: 349 days
Detection Fingerprints

How We Detect WP Gravity Forms Zoho CRM and Bigin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/gf-zoho/admin/js/crm-function.js
/wp-content/plugins/gf-zoho/admin/css/admin-style.css
/wp-content/plugins/gf-zoho/admin/js/notice.js
/wp-content/plugins/gf-zoho/includes/js/gf-zoho-feeds.js
/wp-content/plugins/gf-zoho/admin/js/gf-zoho-add-on.js
/wp-content/plugins/gf-zoho/assets/css/vxg-style.css
/wp-content/plugins/gf-zoho/assets/js/vxg-script.js

Version Parameters
gf-zoho/admin/js/crm-function.js?ver=
gf-zoho/admin/css/admin-style.css?ver=
gf-zoho/admin/js/notice.js?ver=
gf-zoho/includes/js/gf-zoho-feeds.js?ver=
gf-zoho/admin/js/gf-zoho-add-on.js?ver=
gf-zoho/assets/css/vxg-style.css?ver=
gf-zoho/assets/js/vxg-script.js?ver=

HTML / DOM Fingerprints

CSS Classes
vx_notice
gf-zoho-feed-settings
gf-zoho-add-on-page

HTML Comments
<!-- START: GF Zoho PRO Plugin API -->
<!-- END: GF Zoho PRO Plugin API -->
<!-- START: GF Zoho PRO Plugin Add-Ons -->
<!-- END: GF Zoho PRO Plugin Add-Ons -->
(+2 more)

Data Attributes
data-id="gravity"
data-id="zoho-feed"

JS Globals
window.vx_zoho_feeds_obj
window.gf_zoho_script_params

Shortcode Output
{zoholink_
{zohoid_
FAQ

Frequently Asked Questions about WP Gravity Forms Zoho CRM and Bigin