WP-Safety

Gravity Forms Mad Mimi Add-on Security & Risk Analysis

wordpress.org/plugins/gravity-forms-mad-mimi

> This plugin requires the amazing Gravity Forms plugin and a Mad Mimi account.

10 active installs v2.0.2 PHP + WP 3.2+ Updated Feb 28, 2014
crmformformsgravitygravity-forms
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Gravity Forms Mad Mimi Add-on Safe to Use in 2026?

Generally Safe

Score 85/100

Gravity Forms Mad Mimi Add-on has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 12yr ago
Risk Assessment

The "gravity-forms-mad-mimi" v2.0.2 plugin exhibits a generally positive security posture with a small attack surface and no recorded vulnerabilities. The static analysis indicates that the entry points, specifically the two AJAX handlers, are protected by nonce and capability checks, which is a good security practice. The high percentage of SQL queries using prepared statements and the absence of dangerous functions, file operations, and external HTTP requests are also strong indicators of secure coding. However, a concern arises from the taint analysis which identified one flow with an unsanitized path, even though it was not classified as critical or high severity. This flow represents a potential weakness that could be exploited if an attacker can manipulate the input leading to this path.

The vulnerability history is excellent, showing zero known CVEs. This suggests a well-maintained and secure codebase, or at least a history of prompt patching of any discovered issues. The lack of common vulnerability types further reinforces this. Despite the positive history and good practices in most areas, the presence of an unsanitized path flow, even if low severity in this analysis, is a weakness that warrants attention. The low percentage of properly escaped output (36%) is another area of concern, as it increases the risk of cross-site scripting (XSS) vulnerabilities if user-supplied data is not properly handled before being displayed.

Key Concerns

  • Unsanitized path flow identified
  • Low output escaping percentage
Vulnerabilities
None known

Gravity Forms Mad Mimi Add-on Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Gravity Forms Mad Mimi Add-on Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
8 prepared
Unescaped Output
36
20 escaped
Nonce Checks
6
Capability Checks
2
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

89% prepared9 total queries

Output Escaping

36% escaped56 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

3 flows1 with unsanitized paths
edit_page (madmimi.php:522)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Gravity Forms Mad Mimi Add-on Attack Surface

Entry Points2
Unprotected0

AJAX Handlers 2

authwp_ajax_rg_update_feed_activemadmimi.php:112
authwp_ajax_gf_select_madmimi_formmadmimi.php:113
WordPress Hooks 10
actionplugins_loadedmadmimi.beta.php:29
actioninitmadmimi.php:29
actionadmin_noticesmadmimi.php:49
actionadmin_noticesmadmimi.php:50
filterplugin_action_linksmadmimi.php:62
filtertransient_update_pluginsmadmimi.php:74
filtermembers_get_capabilitiesmadmimi.php:85
filtergform_addon_navigationmadmimi.php:88
filtergform_tooltipsmadmimi.php:101
actiongform_post_submissionmadmimi.php:118
Maintenance & Trust

Gravity Forms Mad Mimi Add-on Maintenance & Trust

Maintenance Signals

WordPress version tested3.7.41
Last updatedFeb 28, 2014
PHP min version
Downloads6K

Community Trust

Rating46/100
Number of ratings3
Active installs10
Alternatives

Gravity Forms Mad Mimi Add-on Alternatives

Gravity Forms Klaviyo Add-On

Gravity Forms Klaviyo Add-On

gf-klaviyo-add-on

A
92

Gravity Forms Klaviyo Add-On seamlessly integrates Gravity Forms with Klaviyo, enabling powerful email marketing automation.

1K No CVEs
WP Gravity Forms Salesforce

WP Gravity Forms Salesforce

gf-salesforce-crmperks

A
96

Gravity Forms Salesforce Add-on sends Gravity forms entries to salesforce CRM.

1K 3 CVEs
Contact Form 7 Gravity Forms Importer

Contact Form 7 Gravity Forms Importer

contact-form-7-gravity-forms

A
85

Convert Contact Form 7 forms into Gravity Forms forms.

200 No CVEs
WP Gravity Forms Dynamics CRM

WP Gravity Forms Dynamics CRM

gf-dynamics-crm

A
98

Gravity Forms Dynamics CRM Add-on sends Gravity Forms entries to Dynamics CRM Online.

200 2 CVEs
Gravity Forms Keap Feed

Gravity Forms Keap Feed

systasis-gf-infusionsoft-feed

A
100

Sync form submissions between Gravity Forms and Keap

100 No CVEs
Developer Profile

Gravity Forms Mad Mimi Add-on Developer Profile

Zack Katz

23 plugins · 14K total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Gravity Forms Mad Mimi Add-on

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/gravity-forms-madmimi/images/madmimi_wordpress_icon_32.png
Script Paths
gravity-forms-madmimi/madmimi.beta.phpgravity-forms-madmimi/madmimi.php
Version Parameters
gravity-forms-madmimi/madmimi.beta.php?ver=gravity-forms-madmimi/madmimi.php?ver=

HTML / DOM Fingerprints

Data Attributes
data-feed_iddata-action
JS Globals
KWSGFMadMimiAddon
FAQ

Frequently Asked Questions about Gravity Forms Mad Mimi Add-on