Omnisend for Gravity Forms Add-On Security & Risk Analysis

wordpress.org/plugins/omnisend-for-gravity-forms-add-on

Email Marketing, Newsletter, Email Automation, Forms, Pop Up, SMS by Omnisend

200 active installs · v1.2.8 · PHP 7.1+ · WP 4.7.0+ · Updated Jan 6, 2026
Tags: email-marketing, form, gravity-forms, subscriber-collection, web-tracking
Score: 100 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Omnisend for Gravity Forms Add-On Safe to Use in 2026?

Generally Safe

Score 100/100

Omnisend for Gravity Forms Add-On has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 4mo ago
Risk Assessment

The Omnisend for Gravity Forms Add-On v1.2.8 presents a mixed security profile. On the positive side, the plugin demonstrates good practices regarding database interactions, with 100% of SQL queries utilizing prepared statements, and it reports no known vulnerabilities (CVEs) or past security incidents, suggesting a generally stable and secure history. The attack surface appears to be minimal, with no identified AJAX handlers, REST API routes, shortcodes, or cron events, and importantly, no unprotected entry points.

However, several areas raise concerns. The output escaping is notably weak, with only 22% of outputs being properly escaped. This could lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is not adequately sanitized before being displayed. Furthermore, the complete absence of nonce checks and capability checks, despite the presence of file operations, indicates potential privilege escalation or unauthorized file manipulation risks. The lack of taint analysis data is not necessarily a positive sign; it could imply that the analysis tools were not configured correctly or that the analysis itself was limited, rather than a true absence of potential taint flows.

Overall, while the plugin boasts a clean vulnerability history and a small attack surface, the significant issues with output escaping and the lack of authentication and authorization checks on sensitive operations like file handling are critical weaknesses. These factors necessitate careful review and potential remediation to ensure robust security.

Key Concerns

  • Insufficient output escaping
  • Missing nonce checks
  • Missing capability checks
  • File operations without auth checks
Vulnerabilities
None known

Omnisend for Gravity Forms Add-On Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Omnisend for Gravity Forms Add-On Release Timeline

v1.2.8 (Current)
v1.2.7
v1.2.6
v1.2.5
v1.2.4
v1.2.3
v1.2.2
v1.2.1
v1.2.0
v1.1.1
v1.1.0
v1.0.5
v1.0.4
v1.0.3
v1.0.2
v1.0.1
v1.0.0
Code Analysis
Analyzed Mar 16, 2026

Omnisend for Gravity Forms Add-On Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 7 (2 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 1
External Requests: 0
Bundled Libraries: 0

Output Escaping

22% escaped · 9 total outputs
Attack Surface

Omnisend for Gravity Forms Add-On Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 2
  • action gform_loaded (class-omnisend-addon-bootstrap.php:26)
  • action gform_after_submission (class-omnisendaddon.php:75)
Maintenance & Trust

Omnisend for Gravity Forms Add-On Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 6, 2026
PHP min version: 7.1
Downloads: 5K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 200
Developer Profile

Omnisend for Gravity Forms Add-On Developer Profile

Omnisend

9 plugins · 151K total installs

Trust score: 93
Avg Security Score: 99/100
Avg Patch Time: 28 days
Detection Fingerprints

How We Detect Omnisend for Gravity Forms Add-On

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/omnisend-for-gravity-forms-add-on/assets/css/style.css
/wp-content/plugins/omnisend-for-gravity-forms-add-on/assets/js/omnisend-for-gravity-forms.js
Version Parameters
omnisend-for-gravity-forms-add-on/assets/css/style.css?ver=
omnisend-for-gravity-forms-add-on/assets/js/omnisend-for-gravity-forms.js?ver=

HTML / DOM Fingerprints

CSS Classes
omnisend_field_mapping_details_container
HTML Comments
Omnisend Gravity forms add-on
Data Attributes
data-omnisend-field-mapping-details
JS Globals
OmnisendGravityForms
gform_gravityforms