WP-Safety

Postmatic for Gravity Forms Security & Risk Analysis

wordpress.org/plugins/postmatic-for-gravity-forms

Allows Postmatic subscriptions via Gravity Forms

10 active installs v1.0.0 PHP + WP 3.8+ Updated Unknown
gravityformspostmatic
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Postmatic for Gravity Forms Safe to Use in 2026?

Generally Safe

Score 100/100

Postmatic for Gravity Forms has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The 'postmatic-for-gravity-forms' v1.0.0 plugin presents a mixed security posture. On the positive side, static analysis reveals a clean code base with no dangerous functions, no file operations, and no external HTTP requests. All identified SQL queries are correctly using prepared statements, which is a significant strength in preventing SQL injection vulnerabilities. The absence of known CVEs and a clean vulnerability history are also encouraging indicators. However, a significant concern arises from the complete lack of output escaping. This means that any data processed and displayed by the plugin is not being sanitized, leaving it vulnerable to Cross-Site Scripting (XSS) attacks. Furthermore, the absence of nonce and capability checks across all potential entry points, although currently minimal in number, indicates a potential for unauthorized access or actions if new entry points are introduced in future updates without proper security considerations.

Key Concerns

  • Output escaping is not properly implemented
  • No nonce checks found
  • No capability checks found
Vulnerabilities
None known

Postmatic for Gravity Forms Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Postmatic for Gravity Forms Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
2
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

0% escaped2 total outputs
Attack Surface

Postmatic for Gravity Forms Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 3
actionadmin_noticespostmaticgf.php:12
actionadmin_noticespostmaticgf.php:15
actionplugins_loadedpostmaticgf.php:18
Maintenance & Trust

Postmatic for Gravity Forms Maintenance & Trust

Maintenance Signals

WordPress version tested4.3.34
Last updatedUnknown
PHP min version
Downloads2K

Community Trust

Rating100/100
Number of ratings2
Active installs10
Alternatives

Postmatic for Gravity Forms Alternatives

گرویتی فرم فارسی

گرویتی فرم فارسی

persian-gravity-forms

A
100

بسته کامل فارسی ساز گرویتی فرم

30K No CVEs
GravityExport Lite for Gravity Forms

GravityExport Lite for Gravity Forms

gf-entries-in-excel

A
100

Export all Gravity Forms entries to Excel (.xlsx) or CSV via a download button or a secret shareable URL.

10K No CVEs
Multiple Columns for Gravity Forms

Multiple Columns for Gravity Forms

gf-form-multicolumn

A
85

Introduces new form elements into Gravity Forms which allow for simple column creation.

10K No CVEs
Surbma | Divi & Gravity Forms

Surbma | Divi & Gravity Forms

surbma-divi-gravity-forms

A
85

Responsive Divi form styles for Gravity Forms.

9K No CVEs
Smart phone field for Gravity Forms

Smart phone field for Gravity Forms

smart-phone-field-for-gravity-forms

A
100

A simple and nice plugin to get auto country flag from user ip address on gravity form phone field.

5K No CVEs
Developer Profile

Postmatic for Gravity Forms Developer Profile

Jeff Matson

4 plugins · 60 total installs

86
trust score
Avg Security Score
89/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Postmatic for Gravity Forms

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

Data Attributes
data-feed_iddata-feed_type
FAQ

Frequently Asked Questions about Postmatic for Gravity Forms