
List-Forms for Gravity Security & Risk Analysis
wordpress.org/plugins/list-forms-for-gravity
View Description for each Forms on List-Forms.
Is List-Forms for Gravity Safe to Use in 2026?
Generally Safe
Score 92/100
List-Forms for Gravity has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The plugin "list-forms-for-gravity" v3.6 exhibits a mixed security posture. On the positive side, the static analysis reveals excellent practices in SQL query handling, output escaping, and a lack of dangerous functions or file operations. The absence of known vulnerabilities in its history is also a significant strength, suggesting a generally well-maintained codebase.
However, a critical concern arises from the presence of a single AJAX handler that lacks authentication checks. This represents a direct entry point into the plugin's functionality that could be exploited by unauthenticated users. While no critical or high severity taint flows were detected, this unprotected AJAX endpoint is a significant security weakness that could potentially lead to unintended actions or data exposure if not properly secured.
In conclusion, while the plugin demonstrates strong defensive coding in many areas and has a clean vulnerability history, the unprotected AJAX endpoint introduces a notable risk. Addressing this single point of entry with appropriate authentication and authorization checks should be the immediate priority to significantly improve the plugin's overall security.
Key Concerns
- AJAX handler without authentication check
List-Forms for Gravity Security Vulnerabilities
List-Forms for Gravity Code Analysis
SQL Query Safety
Output Escaping
Data Flow Analysis
List-Forms for Gravity Attack Surface
AJAX Handlers 1
WordPress Hooks 8
Maintenance & Trust
List-Forms for Gravity Maintenance & Trust
Maintenance Signals
Community Trust
List-Forms for Gravity Alternatives
Gravity Forms Email Blacklist
gravity-forms-email-blacklist
Add-on for Gravity Forms to create a Blacklisting of specific emails or domains for the Email input field to throw a validation error or mark as spam.
Contact Listing for WP Job Manager
wp-job-manager-contact-listing
Allow sites using the WP Job Manager plugin to contact listings via their favorite form builder plugin.
Gravity Forms Block Email Domains
gf-block-email-domains
Easily set a list of email domains to block on email fields in Gravity Forms.
Description List Block
description-list-block
Displays a description list using the dl element consist of a series of term and description pairs (dt, dd).
Exact Match Disallowed Comment & Contact Forms
exact-match-disallowed-comment-contact-forms
Change the default WordPress comment blocklist functionality to exact match and save entries marked as spam for review.
List-Forms for Gravity Developer Profile
15 plugins · 2K total installs
How We Detect List-Forms for Gravity
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/list-forms-for-gravity/style.css
- /wp-content/plugins/list-forms-for-gravity/includes/gravity-list-forms_gf.js
- /wp-content/plugins/list-forms-for-gravity/includes/gravity-list-forms_gv.js
HTML / DOM Fingerprints
- list-forms-gravity_description_gv
- name="list-forms-gravity_description_gv"
- id="list-forms-gravity_description_gv"
- ListFormsGravity_Params