WP-Safety

Gravity Forms To Excel AddOn Security & Risk Analysis

wordpress.org/plugins/gravity-forms-to-excel-addon

Gravity Forms AddOn which saves form data into a given Excel document and attaches it to notification emails

70 active installs v0.1.5.2 PHP + WP 3.7+ Updated Mar 5, 2016
attachmentexcelexcel-exportformsgravityforms
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Gravity Forms To Excel AddOn Safe to Use in 2026?

Generally Safe

Score 85/100

Gravity Forms To Excel AddOn has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10yr ago
Risk Assessment

The "gravity-forms-to-excel-addon" v0.1.5.2 exhibits a generally strong security posture with no recorded vulnerabilities and a high percentage of properly escaped output. The absence of external HTTP requests and the use of prepared statements for all SQL queries are excellent security practices. However, the presence of 11 instances of the `unserialize` function is a significant concern, as it can lead to Remote Code Execution if not handled with extreme care and proper input validation. The lack of nonce checks and capability checks on any entry points, though the static analysis reports zero unprotected entry points, warrants further investigation. This plugin's vulnerability history being completely clear is a positive sign, suggesting diligent development or perhaps limited exposure. Overall, while the plugin demonstrates good core security practices, the identified use of `unserialize` without apparent safeguards presents a notable risk that requires careful consideration and potentially remediation.

Key Concerns

  • Dangerous function 'unserialize' used
  • No nonce checks implemented
  • No capability checks implemented
Vulnerabilities
None known

Gravity Forms To Excel AddOn Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Gravity Forms To Excel AddOn Code Analysis

Dangerous Functions
11
Raw SQL Queries
0
7 prepared
Unescaped Output
5
80 escaped
Nonce Checks
0
Capability Checks
0
File Operations
181
External Requests
0
Bundled Libraries
2

Dangerous Functions Found

unserialize$this->_currentObject = unserialize($obj);includes\PHPExcel\CachedObjectStorage\APC.php:156
unserialize$this->_currentObject = unserialize(fread($this->_fileHandle,$this->_cellCache[$pCoord]['sz']));includes\PHPExcel\CachedObjectStorage\DiscISAM.php:126
unserialize$this->_currentObject = unserialize($obj);includes\PHPExcel\CachedObjectStorage\Memcache.php:160
unserialize$this->_currentObject = unserialize(gzinflate($this->_cellCache[$pCoord]));includes\PHPExcel\CachedObjectStorage\MemoryGZip.php:98
unserialize$this->_currentObject = unserialize($this->_cellCache[$pCoord]);includes\PHPExcel\CachedObjectStorage\MemorySerialized.php:98
unserialize$this->_currentObject = unserialize(fread($this->_fileHandle,$this->_cellCache[$pCoord]['sz']));includes\PHPExcel\CachedObjectStorage\PHPTemp.php:118
unserialize$this->_currentObject = unserialize($cellResult);includes\PHPExcel\CachedObjectStorage\SQLite.php:118
unserialize$this->_currentObject = unserialize($cellData['value']);includes\PHPExcel\CachedObjectStorage\SQLite3.php:150
unserialize$this->_currentObject = unserialize($obj);includes\PHPExcel\CachedObjectStorage\Wincache.php:160
unserialize$this->{$key} = unserialize(serialize($val));includes\PHPExcel\Worksheet.php:2839
unserialize$this->{$key} = unserialize(serialize($val));includes\PHPExcel.php:866

Bundled Libraries

dompdfTCPDF

SQL Query Safety

100% prepared7 total queries

Output Escaping

94% escaped85 total outputs
Attack Surface

Gravity Forms To Excel AddOn Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 4
filterupload_mimesgf2excel-addon.php:85
actionadmin_enqueue_scriptsgf2excel-addon.php:104
filtergform_notificationgf2excel-addon.php:190
actiongform_after_submissiongf2excel-addon.php:226
Maintenance & Trust

Gravity Forms To Excel AddOn Maintenance & Trust

Maintenance Signals

WordPress version tested4.4.34
Last updatedMar 5, 2016
PHP min version
Downloads9K

Community Trust

Rating80/100
Number of ratings4
Active installs70
Alternatives

Gravity Forms To Excel AddOn Alternatives

GravityExport Lite for Gravity Forms

GravityExport Lite for Gravity Forms

gf-entries-in-excel

A
100

Export all Gravity Forms entries to Excel (.xlsx) or CSV via a download button or a secret shareable URL.

10K No CVEs
Gravity Forms: Notification Attachments

Gravity Forms: Notification Attachments

gravity-forms-notification-attachments

A
85

A WordPress addon for Gravity Forms to add attachments to notification emails.

600 No CVEs
Import Excel to Gravity Forms

Import Excel to Gravity Forms

gf-excel-import

A
90

Bulk Import of Records from Excel (CSV) files for "Gravity Forms" with Validation and Internal Logic support.

100 1 CVE
گرویتی فرم فارسی

گرویتی فرم فارسی

persian-gravity-forms

A
100

بسته کامل فارسی ساز گرویتی فرم

30K No CVEs
Fluent Forms PDF Generator

Fluent Forms PDF Generator

fluentforms-pdf

A
100

Generate PDF from Your Form Submissions and Download/Email Them

20K 1 CVE
Developer Profile

Gravity Forms To Excel AddOn Developer Profile

Dieter Pfenning

1 plugin · 70 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Gravity Forms To Excel AddOn

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/gravity-forms-to-excel-addon/script.js
Script Paths
script.js
Version Parameters
gf2excel-addon/script.js?ver=0.1.1

HTML / DOM Fingerprints

JS Globals
objectL10n
FAQ

Frequently Asked Questions about Gravity Forms To Excel AddOn