Gravity Forms Eway Security & Risk Analysis

wordpress.org/plugins/gravityforms-eway

Easily create online payment forms with Gravity Forms and Eway.

500 active installs · v2.6.1 · PHP 7.4+ · WP 4.2+ · Updated Dec 14, 2025
Tags: donations, ecommerce, eway, gravity-forms, payment-gateway
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Gravity Forms Eway Safe to Use in 2026?

Generally Safe

Score 100/100

Gravity Forms Eway has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 3mo ago
Risk Assessment

The gravityforms-eway plugin v2.6.1 exhibits a mixed security posture. On the positive side, it uses prepared statements for all SQL queries and has no recorded historical vulnerabilities (CVEs). The absence of critical or high-severity taint flows is also reassuring. However, several areas raise concerns. The plugin has a single unprotected AJAX handler, a significant attack surface entry point that lacks proper authentication or authorization checks. Additionally, only 62% of outputs are properly escaped, which leaves potential for cross-site scripting (XSS) vulnerabilities in a substantial portion of its output handling. The file operations and external HTTP requests, while not inherently insecure, warrant careful review to ensure they are handled safely and do not introduce further risks.

While the plugin's vulnerability history is clean, this should not be the sole indicator of its security. The static analysis reveals a clear risk in the unprotected AJAX handler and the moderate level of unescaped output. These findings suggest that while the developers adhere to some security best practices, such as prepared statements, there are gaps in essential security controls like input validation and output sanitization for specific entry points. The overall risk is moderate, with the unprotected AJAX handler being the most pressing concern.

Key Concerns

  • Unprotected AJAX handler
  • Moderate percentage of unescaped output
Vulnerabilities
None known

Gravity Forms Eway Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Gravity Forms Eway Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 69 (113 escaped)
Nonce Checks: 1
Capability Checks: 6
File Operations: 1
External Requests: 2
Bundled Libraries: 0

Output Escaping

62% escaped · 182 total outputs
Attack Surface
1 unprotected

Gravity Forms Eway Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers 1

auth  wp_ajax_gfeway_dismiss  includes\class.GFEwayAdmin.php:31
WordPress Hooks 48
action  admin_notices  gravityforms-eway.php:45
action  plugins_loaded  includes\bootstrap.php:30
action  admin_init  includes\class.GFEwayAdmin.php:27
action  admin_init  includes\class.GFEwayAdmin.php:28
filter  plugin_row_meta  includes\class.GFEwayAdmin.php:29
filter  admin_enqueue_scripts  includes\class.GFEwayAdmin.php:30
action  gform_payment_status  includes\class.GFEwayAdmin.php:44
action  gform_after_update_entry  includes\class.GFEwayAdmin.php:45
filter  gform_enable_entry_info_payment_details  includes\class.GFEwayAdmin.php:48
action  gform_payment_details  includes\class.GFEwayAdmin.php:49
action  admin_notice  includes\class.GFEwayAdmin.php:151
action  admin_print_footer_scripts  includes\class.GFEwayAdmin.php:152
action  plugins_loaded  includes\class.GFEwayPlugin.php:45
action  init  includes\class.GFEwayPlugin.php:46
action  wp_enqueue_scripts  includes\class.GFEwayPlugin.php:73
action  gform_preview_footer  includes\class.GFEwayPlugin.php:74
action  gform_enqueue_scripts  includes\class.GFEwayPlugin.php:77
filter  gform_logging_supported  includes\class.GFEwayPlugin.php:78
filter  gform_pre_render  includes\class.GFEwayPlugin.php:79
filter  gform_pre_render  includes\class.GFEwayPlugin.php:80
filter  gform_admin_pre_render  includes\class.GFEwayPlugin.php:81
action  gform_enable_credit_card_field  includes\class.GFEwayPlugin.php:82
filter  gform_pre_validation  includes\class.GFEwayPlugin.php:83
filter  gform_validation  includes\class.GFEwayPlugin.php:84
action  gform_entry_post_save  includes\class.GFEwayPlugin.php:85
filter  gform_custom_merge_tags  includes\class.GFEwayPlugin.php:86
filter  gform_replace_merge_tags  includes\class.GFEwayPlugin.php:87
filter  gform_entry_meta  includes\class.GFEwayPlugin.php:88
action  gform_preview_footer  includes\class.GFEwayPlugin.php:125
filter  gform_form_tag  includes\class.GFEwayPlugin.php:161
filter  gform_field_content  includes\class.GFEwayPlugin.php:162
action  init  includes\class.GFEwayRecurringField.php:19
action  wp_enqueue_scripts  includes\class.GFEwayRecurringField.php:22
action  admin_enqueue_scripts  includes\class.GFEwayRecurringField.php:23
action  gform_enqueue_scripts  includes\class.GFEwayRecurringField.php:26
action  gform_editor_js  includes\class.GFEwayRecurringField.php:27
action  gform_field_standard_settings  includes\class.GFEwayRecurringField.php:28
filter  gform_add_field_buttons  includes\class.GFEwayRecurringField.php:29
filter  gform_field_css_class  includes\class.GFEwayRecurringField.php:30
filter  gform_field_type_title  includes\class.GFEwayRecurringField.php:31
filter  gform_field_input  includes\class.GFEwayRecurringField.php:32
filter  gform_pre_validation  includes\class.GFEwayRecurringField.php:33
filter  gform_field_validation  includes\class.GFEwayRecurringField.php:34
filter  gform_tooltips  includes\class.GFEwayRecurringField.php:35
filter  gform_pre_submission  includes\class.GFEwayRecurringField.php:36
filter  gform_field_css_class  includes\class.GFEwayRecurringField.php:39
filter  gform_duplicate_field_link  includes\class.GFEwayRecurringField.php:313
action  admin_notices  includes\class.Requires.php:23
Maintenance & Trust

Gravity Forms Eway Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 14, 2025
PHP min version: 7.4
Downloads: 31K

Community Trust

Rating: 96/100
Number of ratings: 10
Active installs: 500
Developer Profile

Gravity Forms Eway Developer Profile

webaware

13 plugins · 153K total installs

Trust score: 77
Avg Security Score: 97/100
Avg Patch Time: 1595 days
Detection Fingerprints

How We Detect Gravity Forms Eway

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/gravityforms-eway/static/css/admin.css
/wp-content/plugins/gravityforms-eway/static/css/admin.min.css
Version Parameters
gravityforms-eway/static/css/admin.css?ver=
gravityforms-eway/static/css/admin.min.css?ver=

HTML / DOM Fingerprints

CSS Classes
gfeway-settings-page
Data Attributes
data-gfeway-field
JS Globals
gfeway
FAQ

Frequently Asked Questions about Gravity Forms Eway