WP-Safety

PDF Builder for Gravity Forms Security & Risk Analysis

wordpress.org/plugins/pdf-builder-for-gravity

The first and only PDF drag and drop builder for Gravity Forms.

10 active installs v1.2.142 PHP + WP 3.3+ Updated Mar 22, 2026
formspdfpdf-builderwpformwpforms
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is PDF Builder for Gravity Forms Safe to Use in 2026?

Generally Safe

Score 100/100

PDF Builder for Gravity Forms has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The "pdf-builder-for-gravity" plugin version 1.2.141 exhibits a concerning security posture primarily due to a significant number of unprotected entry points. The static analysis reveals 4 AJAX handlers, all of which lack authentication checks. This creates a broad attack surface where any unauthenticated user could potentially interact with sensitive plugin functionalities. Furthermore, the taint analysis indicates 2 high-severity flows with unsanitized paths, suggesting a risk of data manipulation or injection if these flows are reachable without proper sanitization.

Despite these concerns, the plugin demonstrates good practices in other areas. The vast majority of SQL queries utilize prepared statements, a strong defense against SQL injection. The plugin also implements a reasonable number of capability checks and a nonce check, indicating an awareness of common security measures. The absence of known CVEs and vulnerabilities in its history is a positive sign, suggesting the developers have addressed past issues or that the plugin has not been a frequent target. However, the current analysis highlights immediate risks that outweigh the positive historical trends, particularly the unprotected AJAX endpoints and high-severity taint flows.

Key Concerns

  • Unprotected AJAX handlers
  • High severity taint flows with unsanitized paths
  • Low output escaping rate
  • Bundled outdated TCPDF library
Vulnerabilities
None known

PDF Builder for Gravity Forms Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

PDF Builder for Gravity Forms Release Timeline

No version history available.
Code Analysis
Analyzed Mar 16, 2026

PDF Builder for Gravity Forms Code Analysis

Dangerous Functions
0
Raw SQL Queries
5
56 prepared
Unescaped Output
35
45 escaped
Nonce Checks
1
Capability Checks
6
File Operations
43
External Requests
1
Bundled Libraries
3

Bundled Libraries

dompdfSelect2TCPDF1.0.004

SQL Query Safety

92% prepared61 total queries

Output Escaping

56% escaped80 total outputs
Data Flows · Security
4 unsanitized

Data Flow Analysis

7 flows4 with unsanitized paths
ValidateGoogleAuthToken1 (ajax\DesignerAjax.php:60)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
4 unprotected

PDF Builder for Gravity Forms Attack Surface

Entry Points4
Unprotected4

AJAX Handlers 4

authwp_ajax_rednao_validate_google_auth_token1ajax\DesignerAjax.php:39
authwp_ajax_rednao_validate_google_auth_token2ajax\DesignerAjax.php:40
authwp_ajax_rednao_validate_google_auth_token3ajax\DesignerAjax.php:41
authwp_ajax_pdf_builder_dont_show_again_noticeajax\TemplateListAjax.php:35
WordPress Hooks 11
actioninitajax\AjaxBase.php:33
filterupgrader_process_completecore\Loader.php:49
filterpdfbuilder_get_loadercore\Loader.php:51
actionadmin_enqueue_scriptscore\Loader.php:165
actionadmin_enqueue_scriptscore\PluginBase.php:121
actionadmin_menucore\PluginBase.php:122
actionadmin_initcore\PluginBase.php:123
actionadmin_print_stylescore\PluginBase.php:177
actionadmin_print_scriptscore\PluginBase.php:178
filterwp_die_ajax_handlerhtmlgenerator\generators\PDFGenerator.php:116
actiongform_entry_detail_sidebar_middleIntegration\Adapters\Gravity\Entry\GravityEntryProcessor.php:46
Maintenance & Trust

PDF Builder for Gravity Forms Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 22, 2026
PHP min version
Downloads15K

Community Trust

Rating46/100
Number of ratings3
Active installs10
Alternatives

PDF Builder for Gravity Forms Alternatives

PDF Builder for WPForms

PDF Builder for WPForms

pdf-builder-for-wpforms

A
99

The first and only PDF drag and drop builder for WPForms.

1K 2 CVEs
PDF Importer for WPForms

PDF Importer for WPForms

pdf-importer-for-wpform

A
100

Import a pdf, map it to a form and attaching to any email

400 No CVEs
PDF Importer for Gravity Forms

PDF Importer for Gravity Forms

pdf-importer-for-gravity

A
100

Import a pdf, map it to a form and attaching to any email

20 No CVEs
PDF Importer for Ninja Forms

PDF Importer for Ninja Forms

pdf-importer-for-ninjaforms-pro

A
100

Import a pdf, map it to a form and attaching to any email

10 No CVEs
PDF for WPForms + Drag and Drop Template Builder

PDF for WPForms + Drag and Drop Template Builder

pdf-for-wpforms

A
92

The plugin helps you create PDF for WPForms you can builder PDF template

1K 6 CVEs
Developer Profile

PDF Builder for Gravity Forms Developer Profile

EDGARROJAS

19 plugins · 12K total installs

75
trust score
Avg Security Score
94/100
Avg Patch Time
278 days
View full developer profile
Detection Fingerprints

How We Detect PDF Builder for Gravity Forms

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/pdf-builder-for-gravity/js/dist/Designer_bundle.js/wp-content/plugins/pdf-builder-for-gravity/js/dist/EntryList_bundle.js/wp-content/plugins/pdf-builder-for-gravity/js/dist/EntryView_bundle.js/wp-content/plugins/pdf-builder-for-gravity/js/dist/PDFList_bundle.js/wp-content/plugins/pdf-builder-for-gravity/js/dist/TemplateList_bundle.js/wp-content/plugins/pdf-builder-for-gravity/js/dist/Settings_bundle.js/wp-content/plugins/pdf-builder-for-gravity/js/dist/DeactivationDialog_bundle.js
Script Paths
/wp-content/plugins/pdf-builder-for-gravity/js/dist/Designer_bundle.js/wp-content/plugins/pdf-builder-for-gravity/js/dist/EntryList_bundle.js/wp-content/plugins/pdf-builder-for-gravity/js/dist/EntryView_bundle.js/wp-content/plugins/pdf-builder-for-gravity/js/dist/PDFList_bundle.js/wp-content/plugins/pdf-builder-for-gravity/js/dist/TemplateList_bundle.js/wp-content/plugins/pdf-builder-for-gravity/js/dist/Settings_bundle.js+1 more

HTML / DOM Fingerprints

CSS Classes
pdfbuilder-designerpdfbuilder-entry-listpdfbuilder-entry-viewpdfbuilder-pdf-listpdfbuilder-template-listpdfbuilder-settings
HTML Comments
<!--Looks like you already have a version of the plugin installed (perhaps the free version)? please deactivate/delete it before activating this version -->
Data Attributes
data-rednao-pdf-builder-item-iddata-rednao-pdf-builder-author
JS Globals
RednaoPDFBuilderRednaoPDFBuilderDesignerRednaoPDFBuilderTemplateListRednaoPDFBuilderEntryListRednaoPDFBuilderEntryViewRednaoPDFBuilderSettings
REST Endpoints
/wp-json/rednaoformpdfbuilder/v1/designer/wp-json/rednaoformpdfbuilder/v1/template-list/wp-json/rednaoformpdfbuilder/v1/pdf-utils
FAQ

Frequently Asked Questions about PDF Builder for Gravity Forms