WP-Safety

Gravity Forms: Multiple Form Instances Security & Risk Analysis

wordpress.org/plugins/gravity-forms-multiple-form-instances

Allows multiple instances of the same form to be run on a single page when using AJAX.

800 active installs v1.1.2 PHP + WP 3.0.1+ Updated Jul 9, 2024
formgravitygravity-formsmultiple
91
A · Safe
CVEs total1
Unpatched0
Last CVEJul 9, 2024
Plugin page Download
Safety Verdict

Is Gravity Forms: Multiple Form Instances Safe to Use in 2026?

Generally Safe

Score 91/100

Gravity Forms: Multiple Form Instances has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Jul 9, 2024Updated 1yr ago
Risk Assessment

The static analysis of gravity-forms-multiple-form-instances v1.1.2 reveals a strong adherence to secure coding practices. The plugin exhibits zero unprotected entry points, no dangerous function usage, and all SQL queries are properly prepared. Output escaping is also handled correctly, and there are no file operations or external HTTP requests, significantly reducing the attack surface. The absence of any taint analysis findings further indicates a clean codebase from a data flow perspective.

However, the plugin's vulnerability history presents a significant concern. While there are no currently unpatched vulnerabilities, the existence of one known CVE, specifically related to "Exposure of Sensitive Information to an Unauthorized Actor," is notable. The fact that this vulnerability was recently addressed (2024-07-09) suggests that while the current version may be patched, users could have been exposed prior to updating, or there's a potential for similar issues if development practices aren't rigorously maintained. The single medium severity CVE, although patched, highlights a past weakness that warrants continued vigilance.

In conclusion, the current codebase for gravity-forms-multiple-form-instances v1.1.2 demonstrates excellent static security. The absence of immediate code-level risks is a strength. The primary concern stems from its vulnerability history, specifically the past exposure of sensitive information. This necessitates a proactive approach to security monitoring and prompt updating to mitigate any residual risks associated with past vulnerabilities.

Key Concerns

  • One past medium severity CVE
  • No capability checks found
  • No nonce checks found
Vulnerabilities
1

Gravity Forms: Multiple Form Instances Security Vulnerabilities

CVEs by Year

1 CVE in 2024
2024
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2024-6550medium · 5.3Exposure of Sensitive Information to an Unauthorized Actor

Gravity Forms: Multiple Form Instances <= 1.1.1 - Unauthenticated Full Path Disclosure

Jul 9, 2024 Patched in 1.1.2 (1d)
Code Analysis
Analyzed Mar 16, 2026

Gravity Forms: Multiple Form Instances Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
1 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

100% escaped1 total outputs
Attack Surface

Gravity Forms: Multiple Form Instances Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 2
filtergform_get_form_filtergravityforms-multiple-form-instances.php:28
filtergform_confirmationgravityforms-multiple-form-instances.php:29
Maintenance & Trust

Gravity Forms: Multiple Form Instances Maintenance & Trust

Maintenance Signals

WordPress version tested4.5.33
Last updatedJul 9, 2024
PHP min version
Downloads24K

Community Trust

Rating96/100
Number of ratings24
Active installs800
Alternatives

Gravity Forms: Multiple Form Instances Alternatives

Multiple Columns for Gravity Forms

Multiple Columns for Gravity Forms

gf-form-multicolumn

A
85

Introduces new form elements into Gravity Forms which allow for simple column creation.

10K No CVEs
Multiple Form Instances Add-on for Gravity Forms

Multiple Form Instances Add-on for Gravity Forms

multiple-gf-form-on-single-page

A
100

Run multiple instances of the same form on one page (with AJAX) without conflicts. An unofficial add-on for Gravity Forms.

800 No CVEs
SV Gravity Forms Enhancer

SV Gravity Forms Enhancer

sv-gravity-forms-enhancer

A
85

Improves Gravity Forms in various ways.

10 No CVEs
Gravity Forms Zero Spam

Gravity Forms Zero Spam

gravity-forms-zero-spam

A
100

Enhance your Gravity Forms to include anti-spam measures originally based on the work of David Walsh's "Zero Spam" technique.

100K No CVEs
Gravity Booster – Styles & Layouts for Gravity Forms

Gravity Booster – Styles & Layouts for Gravity Forms

styles-and-layouts-for-gravity-forms

A
100

Gravity Booster - Styles and Layouts for Gravity Forms plugin lets you design and style Gravity Forms without CSS coding. You can also use it for addi &hellip;

40K No CVEs
Developer Profile

Gravity Forms: Multiple Form Instances Developer Profile

Marin Atanasov

7 plugins · 4K total installs

90
trust score
Avg Security Score
86/100
Avg Patch Time
1 days
View full developer profile
Detection Fingerprints

How We Detect Gravity Forms: Multiple Form Instances

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes
gform_wrapper_original_id_
Data Attributes
name='gform_random_id'name='gform_field_values'
JS Globals
window['gf_form_conditional_logic']gf_global["number_formats"]
FAQ

Frequently Asked Questions about Gravity Forms: Multiple Form Instances