Does Live Summary for Gravity Forms have any unpatched vulnerabilities?

No. All known vulnerabilities in Live Summary for Gravity Forms have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Live Summary for Gravity Forms compatible with WordPress 6.7.5?

According to WordPress.org data, Live Summary for Gravity Forms 1.2.9 has been tested up to WordPress 6.7.5. Check the plugin's changelog for the latest compatibility information.

Is Live Summary for Gravity Forms compatible with PHP 7.0+?

Live Summary for Gravity Forms requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Live Summary for Gravity Forms updated?

Live Summary for Gravity Forms was last updated on Jan 7, 2025. Frequent updates are generally a positive security signal.

What is Live Summary for Gravity Forms's security score?

Live Summary for Gravity Forms has a WP-Safety security score of 92/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Live Summary for Gravity Forms Security & Risk Analysis

wordpress.org/plugins/live-summary-for-gravity-forms

This simple and handy plugin will add a live summary next to any gravity form. No coding required.

2K active installs v1.2.9 PHP 7.0+ WP 4.7+ Updated Jan 7, 2025

gravity-formsgravity-summarygravityformslive-summaryorder-summary

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Live Summary for Gravity Forms Safe to Use in 2026?

Generally Safe

Score 92/100

Live Summary for Gravity Forms has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago

Risk Assessment

The 'live-summary-for-gravity-forms' plugin exhibits a concerning security posture primarily due to its large attack surface without adequate authentication. All six identified AJAX handlers lack authentication checks, creating a significant risk for unauthorized actions. While the plugin avoids dangerous functions and uses prepared statements for SQL queries, this strength is overshadowed by the critical lack of authorization. The taint analysis, although limited, did not reveal unsanitized paths with high severity, which is a positive sign. However, the static analysis highlights that only 41% of output is properly escaped, suggesting potential cross-site scripting (XSS) vulnerabilities in certain scenarios. The plugin's vulnerability history is clean, with no known CVEs, which indicates a historical tendency towards secure development or simply a lack of past exploitation. Despite the absence of known vulnerabilities and the use of prepared SQL statements, the unprotected AJAX endpoints represent a substantial and direct security risk that needs immediate attention. The overall assessment is that while the plugin has some good practices, the unprotected attack surface is a critical weakness that demands mitigation.

Key Concerns

Multiple AJAX handlers lack authentication
Low percentage of properly escaped output
No nonce checks on AJAX handlers

Vulnerabilities

None known

Live Summary for Gravity Forms Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Live Summary for Gravity Forms Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

9 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

41% escaped22 total outputs

Data Flows

3 unsanitized

Data Flow Analysis

3 flows3 with unsanitized paths

gravity_summary_retrieve_field_object (retrieve-summary-fields.php:291)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

6 unprotected

Live Summary for Gravity Forms Attack Surface

Entry Points6

Unprotected6

AJAX Handlers 6

authwp_ajax_gotrgf_retrieve_gravity_summary_fieldsclass-gravitysummaryaddon.php:117

noprivwp_ajax_gotrgf_retrieve_gravity_summary_fieldsclass-gravitysummaryaddon.php:118

authwp_ajax_gotrgf_gravity_summary_retrieve_field_objectclass-gravitysummaryaddon.php:120

noprivwp_ajax_gotrgf_gravity_summary_retrieve_field_objectclass-gravitysummaryaddon.php:121

authwp_ajax_gotrgf_gravity_summary_format_moneyclass-gravitysummaryaddon.php:123

noprivwp_ajax_gotrgf_gravity_summary_format_moneyclass-gravitysummaryaddon.php:124

WordPress Hooks 13

actionadmin_headclass-gravitysummaryaddon.php:169

actionwp_headclass-gravitysummaryaddon.php:170

filtergform_confirmationclass-gravitysummaryaddon.php:201

actionenqueue_block_editor_assetsclass-gravitysummaryaddon.php:222

actionadmin_enqueue_scriptsclass-gravitysummaryaddon.php:239

actiongform_field_standard_settingsclass-gravitysummaryaddon.php:247

actiongform_editor_jsclass-gravitysummaryaddon.php:272

filtergform_tooltipsclass-gravitysummaryaddon.php:305

actiongform_enqueue_scriptsclass-gravitysummaryaddon.php:427

actiongform_register_init_scriptsclass-gravitysummaryaddon.php:539

filtergform_get_form_filterclass-gravitysummaryaddon.php:573

actiongform_loadedgf-summary-addon.php:81

actionplugins_loadedretrieve-summary-fields.php:357

Maintenance & Trust

Live Summary for Gravity Forms Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5

Last updatedJan 7, 2025

PHP min version7.0

Downloads13K

Community Trust

Rating100/100

Number of ratings18

Active installs2K

Alternatives

Live Summary for Gravity Forms Alternatives

GravityExport Lite for Gravity Forms

gf-entries-in-excel

100

Export all Gravity Forms entries to Excel (.xlsx) or CSV via a download button or a secret shareable URL.

10K No CVEs

Multiple Columns for Gravity Forms

gf-form-multicolumn

Introduces new form elements into Gravity Forms which allow for simple column creation.

10K No CVEs

Surbma | Divi & Gravity Forms

surbma-divi-gravity-forms

Responsive Divi form styles for Gravity Forms.

9K No CVEs

Fresh Forms for Gravity

fresh-forms-for-gravity

100

Prevent supported caching and JS optimization plugins breaking Gravity Forms.

3K No CVEs

Divi Gravity Forms (WP Tools)

wp-tools-gravity-forms-divi-module

100

Divi 4 & 5 module to integrate Gravity Forms. Create custom-designed forms for your website using extensive style customization options, no coding …

2K No CVEs

Developer Profile

Live Summary for Gravity Forms Developer Profile

geekontheroad

1 plugin · 2K total installs

trust score

Avg Security Score

92/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Live Summary for Gravity Forms

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/live-summary-for-gravity-forms/js/summary-change.js/wp-content/plugins/live-summary-for-gravity-forms/images/live-summary-upgrade-banner.jpg

Script Paths

/wp-content/plugins/live-summary-for-gravity-forms/js/summary-change.js

Version Parameters

live-summary-for-gravity-forms/style.css?ver=live-summary-for-gravity-forms/js/summary-change.js?ver=

HTML / DOM Fingerprints

CSS Classes

gotrgf-summary-containergotrgf-summary-headinggotrgf-summary-itemgotrgf-summary-quantitygotrgf-summary-pricegotrgf-summary-total

HTML Comments

<!-- add tasks or filters here that you want to perform during the class constructor - before WordPress has been completely initialized -->

+3 more

Data Attributes

data-form-iddata-target-fielddata-field-typedata-field-iddata-gf-summary-field

JS Globals

frontendajax

REST Endpoints

/wp-json/gotrgf/v1/retrieve-fields/wp-json/gotrgf/v1/retrieve-field-object/wp-json/gotrgf/v1/format-money

FAQ