Gravity Forms Square (Free) Security & Risk Analysis

wordpress.org/plugins/pay-with-square-in-gravity-forms

Gravity Form Square plugin is a WordPress plugin that allows users to pay from their gravity form using Square payment gateway.

30 active installs · v1.2 · PHP 7.0+ · WP 4.8+ · Updated Nov 18, 2025
Tags: gravity-forms, payment-gateway, square
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Gravity Forms Square (Free) Safe to Use in 2026?

Generally Safe

Score 100/100

Gravity Forms Square (Free) has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 4mo ago
Risk Assessment

The 'pay-with-square-in-gravity-forms' plugin v1.2 exhibits a generally positive security posture based on the static analysis. The absence of identified AJAX handlers, REST API routes, shortcodes, and cron events with unprotected entry points is a significant strength, indicating a limited attack surface. The plugin also demonstrates good practices regarding dangerous functions and file operations. However, concerns arise from the presence of unsanitized paths identified in the taint analysis, even though no critical or high-severity issues were flagged. The external HTTP requests, while not inherently malicious, should be monitored for potential information leakage or dependency on insecure external services. The plugin has no recorded vulnerability history, which is a strong positive indicator of its past security, suggesting consistent development attention or a lack of past exploitation. Overall, the plugin appears robust, but the taint analysis warrants further investigation into the identified unsanitized paths to ensure they do not lead to exploitable vulnerabilities.

Key Concerns

  • Flows with unsanitized paths detected
  • No capability checks on entry points
  • SQL queries with potential for injection (67% prepared)
  • Output escaping not fully comprehensive (85% escaped)
Vulnerabilities
None known

Gravity Forms Square (Free) Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Gravity Forms Square (Free) Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 1 (2 prepared)
  • Unescaped Output: 11 (61 escaped)
  • Nonce Checks: 2
  • Capability Checks: 0
  • File Operations: 0
  • External Requests: 4
  • Bundled Libraries: 0

SQL Query Safety

67% prepared · 3 total queries

Output Escaping

85% escaped · 72 total outputs

Data Flows: 4 unsanitized

Data Flow Analysis

7 flows · 4 with unsanitized paths
gfsr_square_gf_auth_success_action_free (gf-square.php:197)
Attack Surface

Gravity Forms Square (Free) Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 26

  • action wp_loaded (gf-square.php:37)
  • action admin_init (gf-square.php:43)
  • action admin_notices (gf-square.php:90)
  • action admin_notices (gf-square.php:95)
  • action admin_init (gf-square.php:114)
  • action admin_notices (gf-square.php:130)
  • action gform_enqueue_scripts (includes\class-square-gf.php:14)
  • action admin_enqueue_scripts (includes\class-square-gf.php:15)
  • filter gform_validation (includes\class-square-gf.php:19)
  • filter gform_entry_post_save (includes\class-square-gf.php:24)
  • action gform_entry_detail_sidebar_middle (includes\class-square-gf.php:27)
  • action gform_delete_entry (includes\class-square-gf.php:31)
  • action admin_notices (includes\class-square-gf.php:34)
  • filter gform_notification_note (includes\class-square-gf.php:37)
  • filter gform_entry_field_value (includes\class-square-gf.php:39)
  • filter gform_pre_send_email (includes\class-square-gf.php:41)
  • filter gform_before_resend_notifications (includes\class-square-gf.php:42)
  • action gform_register_init_scripts (includes\class-square-gf.php:101)
  • filter gform_form_settings_menu (includes\class-square-settings.php:17)
  • action gform_form_settings_page_square_settings_page (includes\class-square-settings.php:18)
  • action admin_init (includes\class-square-settings.php:21)
  • action gform_field_standard_settings (includes\class-square-settings.php:24)
  • action admin_enqueue_scripts (includes\class-square-settings.php:26)
  • filter gform_noconflict_scripts (includes\class-square-settings.php:27)
  • action admin_notices (includes\class-square-settings.php:28)
  • action gform_editor_js (includes\class-square-settings.php:34)
Maintenance & Trust

Gravity Forms Square (Free) Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.8.5
  • Last updated: Nov 18, 2025
  • PHP min version: 7.0
  • Downloads: 2K

Community Trust

  • Rating: 100/100
  • Number of ratings: 6
  • Active installs: 30
Developer Profile

Gravity Forms Square (Free) Developer Profile

Saad Iqbal

84 plugins · 1.4M total installs

  • Trust score: 76
  • Avg Security Score: 96/100
  • Avg Patch Time: 287 days
Detection Fingerprints

How We Detect Gravity Forms Square (Free)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/pay-with-square-in-gravity-forms/includes/class-square-gf.php
  • /wp-content/plugins/pay-with-square-in-gravity-forms/includes/class-square-settings.php

HTML / DOM Fingerprints

FAQ

Frequently Asked Questions about Gravity Forms Square (Free)