WP-Safety

Signature Add-On for Gravity Forms Security & Risk Analysis

wordpress.org/plugins/gravity-signature-forms-add-on

Automatically generate a legally binding & court recognized contract from a Gravity Forms submission. Proposals. Time sheets. Contracts.

1K active installs v1.8.8 PHP + WP 4.5+ Updated Jan 5, 2026
digital-signaturee-signaturee-signatureselectronic-signaturegravityforms
99
A · Safe
CVEs total1
Unpatched0
Last CVEDec 31, 2025
Plugin page Download
Safety Verdict

Is Signature Add-On for Gravity Forms Safe to Use in 2026?

Generally Safe

Score 99/100

Signature Add-On for Gravity Forms has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: Dec 31, 2025Updated 4mo ago
Risk Assessment

The "gravity-signature-forms-add-on" plugin, version 1.8.8, exhibits a generally strong security posture, with notable strengths in its handling of SQL queries and output escaping. The absence of dangerous functions, external HTTP requests, and any critical or high-severity taint flows are positive indicators. Furthermore, the plugin demonstrates a commitment to security by implementing nonce and capability checks on a majority of its entry points, and all identified SQL queries utilize prepared statements, mitigating common injection risks. However, a past medium-severity vulnerability of the "Missing Authorization" type, albeit no longer unpatched, suggests a historical weakness that warrants attention and continued vigilance. While the current analysis shows no immediate critical flaws, the presence of a past authorization vulnerability, even if resolved, means users should remain aware of the potential for such issues. The plugin's small attack surface and good security practices overall present a low immediate risk, but the historical vulnerability should be considered in a comprehensive security strategy.

Key Concerns

  • Past medium vulnerability (Missing Authorization)
Vulnerabilities
1 published

Signature Add-On for Gravity Forms Security Vulnerabilities

CVEs by Year

1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-62099medium · 4.3Missing Authorization

Signature Add-On for Gravity Forms <= 1.8.6 - Missing Authorization

Dec 31, 2025 Patched in 1.8.7 (6d)
Version History

Signature Add-On for Gravity Forms Release Timeline

v1.8.8Current
v1.8.7
v1.8.61 CVE
CVE-2025-62099
v1.8.51 CVE
CVE-2025-62099
v1.8.41 CVE
CVE-2025-62099
v1.8.31 CVE
CVE-2025-62099
v1.8.21 CVE
CVE-2025-62099
v1.8.11 CVE
CVE-2025-62099
v1.8.01 CVE
CVE-2025-62099
v1.7.91 CVE
CVE-2025-62099
v1.7.8.21 CVE
CVE-2025-62099
v1.7.8.11 CVE
CVE-2025-62099
v1.7.81 CVE
CVE-2025-62099
v1.7.71 CVE
CVE-2025-62099
v1.7.61 CVE
CVE-2025-62099
v1.7.4.11 CVE
CVE-2025-62099
v1.7.41 CVE
CVE-2025-62099
v1.7.31 CVE
CVE-2025-62099
v1.7.2.11 CVE
CVE-2025-62099
v1.7.21 CVE
CVE-2025-62099
Code Analysis
Analyzed Mar 16, 2026

Signature Add-On for Gravity Forms Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
4 prepared
Unescaped Output
26
156 escaped
Nonce Checks
2
Capability Checks
7
File Operations
3
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared4 total queries

Output Escaping

86% escaped182 total outputs
Attack Surface

Signature Add-On for Gravity Forms Attack Surface

Entry Points3
Unprotected0

AJAX Handlers 2

authwp_ajax_esig_gravity_form_fieldsadmin\esig-gravity-form-admin.php:60
authwp_ajax_esig_gravity_ratting_widget_removeadmin\rating-widget\esign-rating-widget.php:44

Shortcodes 1

[esiggravity] admin\esig-gravity-form-admin.php:57
WordPress Hooks 32
actionadmin_noticesadmin\about\autoload.php:27
actionesig_admin_noticesadmin\about\autoload.php:30
actionin_admin_headeradmin\about\autoload.php:84
actionadmin_menuadmin\about\includes\esig-about-load.php:30
filteresig_document_title_filteradmin\esig-gravity-filters.php:16
filteresig_strip_shortcodes_tagnamesadmin\esig-gravity-filters.php:17
filteresig_document_clone_render_contentadmin\esig-gravity-filters.php:20
actionadmin_enqueue_scriptsadmin\esig-gravity-form-admin.php:45
filteresig_admin_more_document_contentsadmin\esig-gravity-form-admin.php:51
filteresig_sif_buttons_filteradmin\esig-gravity-form-admin.php:53
filteresig_text_editor_sif_menuadmin\esig-gravity-form-admin.php:54
actionadmin_initadmin\esig-gravity-form-admin.php:67
filtergform_confirmationadmin\esig-gravity-form-admin.php:71
filtergform_confirmationadmin\esig-gravity-form-admin.php:73
filtershow_sad_invite_linkadmin\esig-gravity-form-admin.php:75
filteresig_invite_not_sentadmin\esig-gravity-form-admin.php:77
actionesig_signature_loadedadmin\esig-gravity-form-admin.php:79
actionesig_agreement_after_displayadmin\esig-gravity-form-admin.php:80
actionwoocommerce_add_to_cartadmin\esig-gravity-form-admin.php:82
actionesig_admin_noticesadmin\rating-widget\esign-rating-widget.php:41
actionadmin_enqueue_scriptsadmin\rating-widget\esign-rating-widget.php:42
actionadmin_enqueue_scriptsadmin\rating-widget\esign-rating-widget.php:43
actionplugins_loadedgravity-signature-forms-addon.php:58
actionplugins_loadedgravity-signature-forms-addon.php:59
actionplugins_loadedgravity-signature-forms-addon.php:62
actionplugins_loadedgravity-signature-forms-addon.php:75
filterplugin_row_metagravity-signature-forms-addon.php:91
actiongform_loadedgravity-signature-forms-addon.php:93
filtergform_disable_address_map_linkincludes\esig-gf-generate-value.php:262
actioninitincludes\esig-gravity-form.php:49
actionadmin_initincludes\esig-gravity-form.php:51
actionafter_plugin_rowincludes\esig-gravity-form.php:54
Maintenance & Trust

Signature Add-On for Gravity Forms Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedJan 5, 2026
PHP min version
Downloads126K

Community Trust

Rating78/100
Number of ratings21
Active installs1K
Alternatives

Signature Add-On for Gravity Forms Alternatives

Signature Add-On for WooCommerce

Signature Add-On for WooCommerce

woocommerce-digital-signature

A
100

Automatically require your WooCommerce customers to sign a legally binding contract before downloading your product. Easy to Use.

1K No CVEs
NEX-Forms ADD ON – Digital Signatures

NEX-Forms ADD ON – Digital Signatures

nex-forms-digital-signatures-add-on

A
100

Easily add Digital / E-Signature fields to your forms. Capture signatures with submissions and automatically include them in emails and PDF exports.

700 No CVEs
Ninja Forms Signature Contract Add-On

Ninja Forms Signature Contract Add-On

ninja-signature-contract-forms-add-on

A
100

Instantly produce a legally enforceable & court recognized contract from a Ninja Form submission. Signature Pad Contracts. Proposals.

400 No CVEs
Electronic Signature

Electronic Signature

electronic-signatures

A
85

This plugin helps integrate Electronic Signature on SwiftCloud.ai with Wordpress.

100 No CVEs
GM Digital Signature for Wpforms

GM Digital Signature for Wpforms

digital-signature-for-wpforms

A
100

Add a secure digital signature field to WPForms. Collect legally binding e-signatures on contracts, consent forms, and agreements — directly on your W &hellip;

90 No CVEs
Developer Profile

Signature Add-On for Gravity Forms Developer Profile

approveme

10 plugins · 4K total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
15 days
View full developer profile
Detection Fingerprints

How We Detect Signature Add-On for Gravity Forms

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/gravity-signature-forms-add-on/assets/css/esig-about-alert.css/wp-content/plugins/gravity-signature-forms-add-on/assets/css/esig-gravity-form-admin.css/wp-content/plugins/gravity-signature-forms-add-on/assets/js/esig-gravity-form-admin.js/wp-content/plugins/gravity-signature-forms-add-on/assets/js/esig-gravity-form-scripts.js/wp-content/plugins/gravity-signature-forms-add-on/assets/js/esig-gravity-form-settings.js/wp-content/plugins/gravity-signature-forms-add-on/assets/js/esig-gravity-form-validate.js
Script Paths
/wp-content/plugins/gravity-signature-forms-add-on/admin/esig-gravity-form-admin.php/wp-content/plugins/gravity-signature-forms-add-on/includes/esig-gf-functions.php/wp-content/plugins/gravity-signature-forms-add-on/includes/esig-gravity-form.php/wp-content/plugins/gravity-signature-forms-add-on/admin/about/autoload.php/wp-content/plugins/gravity-signature-forms-add-on/includes/esig-gf-generate-value.php/wp-content/plugins/gravity-signature-forms-add-on/includes/esig-gravity-settings.php+4 more
Version Parameters
gravity-signature-forms-add-on/gravity-signature-forms-add-on.php?ver=

HTML / DOM Fingerprints

CSS Classes
esig-about-alertbangBar
HTML Comments
<!-- @package WP E-Signature - Gravity Form --><!-- @contributors Kevin Michael Gray (Approve Me), Abu Shoaib (Approve Me) --><!-- @wordpress-plugin --><!-- If this file is called directly, abort. -->+13 more
Data Attributes
esig-icon-cssesig-gravity-form-admin.jsesig-gravity-form-scripts.jsesig-gravity-form-settings.jsesig-gravity-form-validate.jsesig-gf-functions.php+6 more
JS Globals
esig_gf_getesig_get_activation_state
FAQ

Frequently Asked Questions about Signature Add-On for Gravity Forms