Gravity Forms Táve add-on Security & Risk Analysis

wordpress.org/plugins/gravity-forms-tave-add-on

Connects your WordPress web site to your Táve account for collecting leads using the power of Gravity Forms.

30 active installs · v2015.03.06 · PHP + WP 4+ · Updated Dec 12, 2015
gravity-forms · tave
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Gravity Forms Táve add-on Safe to Use in 2026?

Generally Safe

Score 85/100

Gravity Forms Táve add-on has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 10yr ago
Risk Assessment

The "gravity-forms-tave-add-on" plugin, version 2015.03.06, exhibits a generally good security posture with several strong practices in place. The plugin demonstrates a commitment to secure coding by utilizing prepared statements for all SQL queries and incorporating nonce checks for its entry points. Furthermore, the absence of any known CVEs and a clean vulnerability history suggest a well-maintained codebase.

However, a significant concern arises from the presence of the `unserialize` function, which can be a vector for PHP object injection if it ever receives data an attacker can influence. The static analysis does not reveal any taint flows related to this function in this specific scan, but its presence warrants caution. Additionally, only 44% of the plugin's output is properly escaped, indicating a potential for Cross-Site Scripting (XSS) vulnerabilities, especially if user-supplied data is rendered without adequate sanitization.

In conclusion, the plugin has a solid foundation with secure database interactions and entry point protections. The primary areas for improvement and increased vigilance are the potential risks associated with `unserialize` and the relatively low percentage of properly escaped output. Addressing these could further strengthen the plugin's security profile.

Key Concerns

  • Presence of unserialize function
  • Low percentage of properly escaped output
Vulnerabilities
None known

Gravity Forms Táve add-on Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Gravity Forms Táve add-on Release Timeline

v2015.03.06 (Current)
v2015.03.04
v2014.12.04
v2014.04.18
Code Analysis
Analyzed Apr 16, 2026

Gravity Forms Táve add-on Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (9 prepared)
Unescaped Output: 23 (18 escaped)
Nonce Checks: 6
Capability Checks: 2
File Operations: 0
External Requests: 1
Bundled Libraries: 0

Dangerous Functions Found

unserialize · `$tmpValue = unserialize(trim($entry[$tmpField["id"]]));` · tave.php:776

SQL Query Safety

100% prepared · 9 total queries

Output Escaping

44% escaped · 41 total outputs
Attack Surface

Gravity Forms Táve add-on Attack Surface

Entry Points: 2
Unprotected: 0

AJAX Handlers: 2

auth · wp_ajax_rg_update_feed_active · tave.php:83
auth · wp_ajax_gf_select_tave_form · tave.php:86

WordPress Hooks: 6

action · init · tave.php:26
filter · members_get_capabilities · tave.php:54
filter · gform_addon_navigation · tave.php:57
filter · plugin_action_links · tave.php:59
filter · gform_tooltips · tave.php:64
action · gform_post_submission · tave.php:92
Maintenance & Trust

Gravity Forms Táve add-on Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.4.34
Last updated: Dec 12, 2015
PHP min version
Downloads: 3K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 30
Developer Profile

Gravity Forms Táve add-on Developer Profile

rowellr

2 plugins · 110 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Gravity Forms Táve add-on

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/gravity-forms-tave-add-on/js/gf_tave.js
/wp-content/plugins/gravity-forms-tave-add-on/css/gf_tave.css
Script Paths
js/gf_tave.js
Version Parameters
gravity-forms-tave-add-on/css/gf_tave.css?ver=
gravity-forms-tave-add-on/js/gf_tave.js?ver=

HTML / DOM Fingerprints

CSS Classes
gf_tave_settings_input · gf_tave_error
HTML Comments
<!-- This program is free software; you can redistribute it and/or modify
This program is distributed in the hope that it will be useful,
You should have received a copy of the GNU General Public License
Plugin starting point. Will load appropriate files
(+24 more)
Data Attributes
gf_tave_uninstall · gf_tave_submit · gf_tave_apikey · gf_tave_brand · gf_tave_no_email · gf_tave_extra_fields (+4 more)
JS Globals
GFTave · gf_tave_settings
FAQ

Frequently Asked Questions about Gravity Forms Táve add-on