WP-Safety

iContact for Gravity Forms Security & Risk Analysis

wordpress.org/plugins/gravity-forms-icontact

Integrate the remarkable Gravity Forms plugin with iContact.

80 active installs v1.3.2 PHP + WP 3.3+ Updated Jun 9, 2015
formformsgravitygravity-formsicontact
63
C · Use Caution
CVEs total1
Unpatched1
Last CVEFeb 5, 2026
Plugin page Download
Safety Verdict

Is iContact for Gravity Forms Safe to Use in 2026?

Use With Caution

Score 63/100

iContact for Gravity Forms has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE 1 unpatched Last CVE: Feb 5, 2026Updated 10yr ago
Risk Assessment

The gravity-forms-icontact plugin v1.3.2 exhibits a mixed security posture. On the positive side, it has a small attack surface with no unprotected entry points and a good percentage of SQL queries utilizing prepared statements. It also incorporates nonce and capability checks, indicating some awareness of secure coding practices. However, a significant concern lies in the output escaping, with only 36% of outputs being properly escaped. This leaves a considerable portion of the plugin's output potentially vulnerable to cross-site scripting (XSS) attacks.

The vulnerability history reveals a concerning pattern. The plugin has a known medium severity CVE that remains unpatched. The common vulnerability type being Cross-site Scripting, coupled with the low percentage of properly escaped outputs identified in the static analysis, strongly suggests that the previous vulnerability was likely related to improper output sanitization. The identified taint flow with an unsanitized path further amplifies this concern, as it indicates a potential avenue for malicious input to be processed without adequate cleaning.

In conclusion, while the plugin has some good security fundamentals in place, the prevalence of unescaped output and the existence of an unpatched XSS vulnerability necessitate caution. The identified taint flow also highlights a specific area of potential weakness. Users should be aware of the risk of XSS, especially when considering the past vulnerability and the current static analysis findings. Addressing the output escaping and patching the known vulnerability are critical steps to improving the plugin's security.

Key Concerns

  • Unpatched CVE (medium severity)
  • Low percentage of properly escaped outputs (36%)
  • Flow with unsanitized path identified
Vulnerabilities
1

iContact for Gravity Forms Security Vulnerabilities

CVEs by Year

1 CVE in 2026 · unpatched
2026
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-68863medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

iContact for Gravity Forms <= 1.3.2 - Reflected Cross-Site Scripting

Feb 5, 2026Unpatched
Code Analysis
Analyzed Mar 16, 2026

iContact for Gravity Forms Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
8 prepared
Unescaped Output
48
27 escaped
Nonce Checks
6
Capability Checks
4
File Operations
0
External Requests
3
Bundled Libraries
0

SQL Query Safety

89% prepared9 total queries

Output Escaping

36% escaped75 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

3 flows1 with unsanitized paths
edit_page (icontact.php:544)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

iContact for Gravity Forms Attack Surface

Entry Points2
Unprotected0

AJAX Handlers 2

authwp_ajax_rg_update_feed_activeicontact.php:98
authwp_ajax_gf_select_icontact_formicontact.php:99
WordPress Hooks 8
actioniniticontact.php:28
filterplugin_action_linksicontact.php:48
filtertransient_update_pluginsicontact.php:60
filtermembers_get_capabilitiesicontact.php:71
filtergform_addon_navigationicontact.php:74
filtergform_tooltipsicontact.php:87
actiongform_post_submissionicontact.php:104
actiongform_entry_infoicontact.php:107
Maintenance & Trust

iContact for Gravity Forms Maintenance & Trust

Maintenance Signals

WordPress version tested4.2.39
Last updatedJun 9, 2015
PHP min version
Downloads9K

Community Trust

Rating100/100
Number of ratings1
Active installs80
Alternatives

iContact for Gravity Forms Alternatives

Gravity Forms Zero Spam

Gravity Forms Zero Spam

gravity-forms-zero-spam

A
100

Enhance your Gravity Forms to include anti-spam measures originally based on the work of David Walsh's "Zero Spam" technique.

100K No CVEs
Gravity Booster – Styles & Layouts for Gravity Forms

Gravity Booster – Styles & Layouts for Gravity Forms

styles-and-layouts-for-gravity-forms

A
100

Gravity Booster - Styles and Layouts for Gravity Forms plugin lets you design and style Gravity Forms without CSS coding. You can also use it for addi &hellip;

40K No CVEs
Advanced Custom Fields: Gravity Forms Add-on

Advanced Custom Fields: Gravity Forms Add-on

acf-gravityforms-add-on

A
100

Provides an Advanced Custom Field which allows a WordPress user to select a Gravity Form as part of a field group configuration.

30K No CVEs
Event Tracking for Gravity Forms

Event Tracking for Gravity Forms

gravity-forms-google-analytics-event-tracking

A
92

Easily add event tracking using Gravity Forms and your Google Analytics or Google Tag Manager account. Supports Google Analytics v3 and Gravity Forms &hellip;

20K No CVEs
Gravity PDF

Gravity PDF

gravity-forms-pdf-extended

A
100

Automatically generate, email and download PDF documents from Gravity Forms entries

20K 1 CVE
Developer Profile

iContact for Gravity Forms Developer Profile

Zack Katz

23 plugins · 14K total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect iContact for Gravity Forms

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/gravity-forms-icontact/css/gf_icontact_admin.css/wp-content/plugins/gravity-forms-icontact/js/gf_icontact_admin.js/wp-content/plugins/gravity-forms-icontact/images/icontact_wordpress_icon_32.png
Script Paths
/wp-content/plugins/gravity-forms-icontact/js/gf_icontact_admin.js
Version Parameters
gravity-forms-icontact/css/gf_icontact_admin.css?ver=gravity-forms-icontact/js/gf_icontact_admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
gfi_icontact_setting_section
HTML Comments
<!-- iContact Settings --><!-- iContact Feed -->
Data Attributes
data-feed_id
JS Globals
gf_icontact_admin
FAQ

Frequently Asked Questions about iContact for Gravity Forms