Gravity Forms Directory Security & Risk Analysis

wordpress.org/plugins/gravity-forms-addons

Add directory capabilities and other functionality to the great Gravity Forms plugin.

700 active installs · v4.2 · PHP + · WP 4.4+ · Updated Dec 7, 2020
form, forms, gravity, gravity-form, gravity-forms
85 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Gravity Forms Directory Safe to Use in 2026?

Generally Safe

Score 85/100

Gravity Forms Directory has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 5yr ago
Risk Assessment

The gravity-forms-addons plugin v4.2 exhibits a generally good security posture with a strong emphasis on secure coding practices. The complete absence of known vulnerabilities and CVEs, coupled with the use of prepared statements for all SQL queries, indicates a well-maintained and security-conscious development approach. The presence of nonce and capability checks on a significant portion of its entry points is also commendable.

However, there are specific areas that warrant attention. The static analysis revealed two AJAX handlers without authentication checks, which represent a direct attack surface that could be exploited if they process untrusted user input. Additionally, the taint analysis identified two flows with unsanitized paths, suggesting a potential for insecure handling of data that could lead to vulnerabilities. While the output escaping rate is decent at 62%, a higher percentage would further strengthen the plugin's defense against cross-site scripting (XSS) vulnerabilities.

Overall, the plugin benefits from a clean vulnerability history and good fundamental security practices. The identified weaknesses are primarily related to unauthenticated AJAX endpoints and unsanitized data flows. Addressing these specific concerns would significantly enhance the plugin's security, moving it closer to an optimal security profile.

Key Concerns

  • Unprotected AJAX handlers detected
  • Taint flows with unsanitized paths found
  • Output escaping is not comprehensive (62%)
Vulnerabilities
None known

Gravity Forms Directory Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Gravity Forms Directory Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (4 prepared)
Unescaped Output: 103 (166 escaped)
Nonce Checks: 7
Capability Checks: 4
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Select2

SQL Query Safety

100% prepared · 4 total queries

Output Escaping

62% escaped · 269 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

7 flows · 2 with unsanitized paths
show_field_ids (includes\admin\class-gf-directory-admin.php:268)
Attack Surface
2 unprotected

Gravity Forms Directory Attack Surface

Entry Points: 5
Unprotected: 2

AJAX Handlers 4

auth wp_ajax_rg_update_feed_active includes\class-gf-directory.php:246
auth wp_ajax_gf_select_directory_form includes\class-gf-directory.php:247
auth wp_ajax_rg_update_approved includes\class-gf-directory.php:248
auth wp_ajax_change_directory_columns includes\class-gf-directory.php:249

Shortcodes 1

[directory] includes\class-gf-directory-shortcode.php:31

WordPress Hooks 38

action admin_notices gravity-forms-addons.php:73
action init includes\admin\class-gf-directory-admin.php:3
action admin_notices includes\admin\class-gf-directory-admin.php:19
filter gform_pre_render includes\admin\class-gf-directory-admin.php:20
filter gform_addon_navigation includes\admin\class-gf-directory-admin.php:26
action media_buttons includes\admin\class-gf-directory-admin.php:29
action admin_footer includes\admin\class-gf-directory-admin.php:32
action admin_head includes\admin\class-gf-directory-admin.php:37
action gform_entries_first_column_actions includes\admin\class-gf-directory-admin.php:40
action gform_entry_list_bulk_actions includes\admin\class-gf-directory-admin.php:42
action gform_entry_list_action includes\admin\class-gf-directory-admin.php:44
action init includes\class-gf-directory-edit-form.php:3
action admin_init includes\class-gf-directory-edit-form.php:13
filter admin_head includes\class-gf-directory-edit-form.php:17
filter gform_tooltips includes\class-gf-directory-edit-form.php:20
action gform_editor_js includes\class-gf-directory-edit-form.php:21
filter gform_toolbar_menu includes\class-gf-directory-edit-form.php:25
action admin_head includes\class-gf-directory-edit-form.php:27
action gform_field_advanced_settings includes\class-gf-directory-edit-form.php:29
filter gform_add_field_buttons includes\class-gf-directory-edit-form.php:30
action gform_editor_js_set_default_values includes\class-gf-directory-edit-form.php:31
action plugins_loaded includes\class-gf-directory.php:34
action plugins_loaded includes\class-gf-directory.php:35
action init includes\class-gf-directory.php:36
filter plugin_action_links includes\class-gf-directory.php:250
action template_redirect includes\class-gf-directory.php:258
filter post_link includes\class-gf-directory.php:260
filter page_link includes\class-gf-directory.php:261
filter get_shortlink includes\class-gf-directory.php:264
filter kws_gf_directory_anchor_text includes\class-gf-directory.php:266
filter members_get_capabilities includes\class-gf-directory.php:271
filter kws_gf_directory_td_address includes\class-gf-directory.php:275
filter gform_get_field_value includes\class-gf-directory.php:285
action admin_init includes\class-gravity-forms-lead-creator.php:25
action gform_entry_info includes\class-gravity-forms-lead-creator.php:27
action gform_after_update_entry includes\class-gravity-forms-lead-creator.php:29
filter gform_pre_submission_filter includes\gravity-forms-referrer.php:95
action init includes\gravity-forms-referrer.php:98
Maintenance & Trust

Gravity Forms Directory Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.6.17
Last updated: Dec 7, 2020
PHP min version
Downloads: 185K

Community Trust

Rating: 64/100
Number of ratings: 34
Active installs: 700
Developer Profile

Gravity Forms Directory Developer Profile

Zack Katz

23 plugins · 14K total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Gravity Forms Directory

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/gravity-forms-addons/assets/css/gf-directory-admin.css
  • /wp-content/plugins/gravity-forms-addons/assets/js/gf-directory-admin.js
  • /wp-content/plugins/gravity-forms-addons/assets/css/gf-directory-frontend.css
  • /wp-content/plugins/gravity-forms-addons/assets/js/gf-directory-frontend.js
Script Paths
  • /wp-content/plugins/gravity-forms-addons/assets/js/gf-directory-admin.js
  • /wp-content/plugins/gravity-forms-addons/assets/js/gf-directory-frontend.js
Version Parameters
  • gravity-forms-addons/assets/css/gf-directory-admin.css?ver=
  • gravity-forms-addons/assets/js/gf-directory-admin.js?ver=
  • gravity-forms-addons/assets/css/gf-directory-frontend.css?ver=
  • gravity-forms-addons/assets/js/gf-directory-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • gf_directory_field_settings
  • gf_directory_wrap
  • gf_directory_search_wrapper
HTML Comments
  • <!-- create a new Settings page on Gravity Forms' settings screen -->
  • <!-- creates the subnav left menu -->
  • <!--Adding "embed form" button-->
  • <!-- Requires Gravity Forms 2.2.4 -->
Data Attributes
  • data-gf_directory_entry_id
  • data-gf_directory_form_id
JS Globals
  • window.GFDirectoryAdmin
  • window.GFDirectoryShortcode
Shortcode Output
  • [gf_directory]
  • [gf_directory_search]
FAQ

Frequently Asked Questions about Gravity Forms Directory