WP-Safety

Gravity Fieldset for Gravity Forms Security & Risk Analysis

wordpress.org/plugins/gravity-fieldset-for-gravity-forms

Extends the Gravity Forms plugin - adding an fieldset open and close field that can be used to create 'real' sections.

1K active installs v0.2.1 PHP + WP 4.2+ Updated Dec 8, 2016
fieldsetformsgravity-formsgravity-forms-stylingwrapper
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Gravity Fieldset for Gravity Forms Safe to Use in 2026?

Generally Safe

Score 85/100

Gravity Fieldset for Gravity Forms has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9yr ago
Risk Assessment

The plugin "gravity-fieldset-for-gravity-forms" v0.2.1 exhibits a strong security posture in several key areas. Static analysis reveals no identified attack surface, meaning there are no accessible AJAX handlers, REST API routes, shortcodes, or cron events that could be directly exploited. Furthermore, the absence of dangerous functions, file operations, and external HTTP requests suggests a limited potential for direct code execution or sensitive data exfiltration. The use of prepared statements for all SQL queries is a significant strength, mitigating the risk of SQL injection vulnerabilities.

However, the static analysis also highlights a critical weakness: 100% of outputs are not properly escaped. This indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities, where malicious scripts could be injected into the site's output, potentially impacting users or administrators. The lack of nonce and capability checks is also concerning, as it suggests that many functionalities may not be adequately protected against unauthorized access or actions, especially if an attack surface were to be discovered or created in the future.

The vulnerability history of this plugin is clean, with no recorded CVEs. This is a positive sign, suggesting that the developers have either been diligent in maintaining security or the plugin hasn't been a target for serious exploitation. Combined with the lack of critical taint flows and unsanitized paths, this history reinforces the idea that the core logic might be sound. However, the unescaped output remains a significant and immediate concern that requires remediation.

Key Concerns

  • All outputs are unescaped
  • No nonce checks found
  • No capability checks found
Vulnerabilities
None known

Gravity Fieldset for Gravity Forms Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Gravity Fieldset for Gravity Forms Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
4
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

0% escaped4 total outputs
Attack Surface

Gravity Fieldset for Gravity Forms Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 11
actionplugins_loadedgravity-fieldset-for-gravity-forms.php:24
actionadmin_noticesgravity-fieldset-for-gravity-forms.php:26
actionplugins_loadedgravity-fieldset-for-gravity-forms.php:55
filtergform_add_field_buttonsgravity-fieldset-for-gravity-forms.php:75
filtergform_field_type_titlegravity-fieldset-for-gravity-forms.php:79
actiongform_editor_jsgravity-fieldset-for-gravity-forms.php:80
actiongform_field_css_classgravity-fieldset-for-gravity-forms.php:81
filtergform_field_contentgravity-fieldset-for-gravity-forms.php:82
filtergform_field_containergravity-fieldset-for-gravity-forms.php:86
filtergform_field_contentgravity-fieldset-for-gravity-forms.php:87
filtergform_get_form_filtergravity-fieldset-for-gravity-forms.php:90
Maintenance & Trust

Gravity Fieldset for Gravity Forms Maintenance & Trust

Maintenance Signals

WordPress version tested4.7.32
Last updatedDec 8, 2016
PHP min version
Downloads26K

Community Trust

Rating60/100
Number of ratings2
Active installs1K
Alternatives

Gravity Fieldset for Gravity Forms Alternatives

Wrap form fields in Gravity Forms

Wrap form fields in Gravity Forms

wrap-form-fields-in-gravity-forms

A
85

Extends the Gravity Forms plugin - Adding a new field type to wrap field items in a div with custom classes.

1K No CVEs
Gravity Forms Zero Spam

Gravity Forms Zero Spam

gravity-forms-zero-spam

A
100

Enhance your Gravity Forms to include anti-spam measures originally based on the work of David Walsh's "Zero Spam" technique.

100K No CVEs
Gravity Booster – Styles & Layouts for Gravity Forms

Gravity Booster – Styles & Layouts for Gravity Forms

styles-and-layouts-for-gravity-forms

A
100

Gravity Booster - Styles and Layouts for Gravity Forms plugin lets you design and style Gravity Forms without CSS coding. You can also use it for addi …

40K No CVEs
Advanced Custom Fields: Gravity Forms Add-on

Advanced Custom Fields: Gravity Forms Add-on

acf-gravityforms-add-on

A
100

Provides an Advanced Custom Field which allows a WordPress user to select a Gravity Form as part of a field group configuration.

30K No CVEs
Event Tracking for Gravity Forms

Event Tracking for Gravity Forms

gravity-forms-google-analytics-event-tracking

A
92

Easily add event tracking using Gravity Forms and your Google Analytics or Google Tag Manager account. Supports Google Analytics v3 and Gravity Forms …

20K No CVEs
Developer Profile

Gravity Fieldset for Gravity Forms Developer Profile

Cashfree

2 plugins · 10K total installs

89
trust score
Avg Security Score
93/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Gravity Fieldset for Gravity Forms

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/gravity-fieldset-for-gravity-forms/css/raak_fieldset_admin.css
Script Paths
/wp-content/plugins/gravity-fieldset-for-gravity-forms/js/raak_fieldset_admin.js/wp-content/plugins/gravity-fieldset-for-gravity-forms/js/raak_fieldset_admin.php

HTML / DOM Fingerprints

CSS Classes
gform_fieldset_begingform_fieldset_endgform_fieldsetgfieldsetgfieldset-legend
Data Attributes
data-type="FieldsetBegin"data-type="FieldsetEnd"
FAQ

Frequently Asked Questions about Gravity Fieldset for Gravity Forms