Does Divi Gravity Forms (WP Tools) have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Divi Gravity Forms (WP Tools) compatible with WordPress 6.9.4?

According to WordPress.org data, Divi Gravity Forms (WP Tools) 9.1.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Divi Gravity Forms (WP Tools) compatible with PHP 7.2.5+?

Divi Gravity Forms (WP Tools) requires PHP 7.2.5 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Divi Gravity Forms (WP Tools) updated?

Divi Gravity Forms (WP Tools) was last updated on Dec 29, 2025. Frequent updates are generally a positive security signal.

What is Divi Gravity Forms (WP Tools)'s security score?

Divi Gravity Forms (WP Tools) has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Divi Gravity Forms (WP Tools) Security & Risk Analysis

wordpress.org/plugins/wp-tools-gravity-forms-divi-module

Divi 4 & 5 module to integrate Gravity Forms. Create custom-designed forms for your website using extensive style customization options, no coding …

2K active installs v9.1.0 PHP 7.2.5+ WP 4.5+ Updated Dec 29, 2025

dividivi5gravity-formsgravityformsgravityforms-divi

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Divi Gravity Forms (WP Tools) Safe to Use in 2026?

Generally Safe

Score 100/100

Divi Gravity Forms (WP Tools) has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4mo ago

Risk Assessment

The wp-tools-gravity-forms-divi-module v9.1.0 plugin exhibits a mixed security posture. On the positive side, it shows good practices regarding SQL query handling, with all queries using prepared statements and a high percentage of output being properly escaped. The absence of known vulnerabilities (CVEs) and critical taint analysis findings is also a strong indicator of a secure codebase. However, several concerning areas exist within its attack surface and authorization mechanisms.

The plugin exposes one AJAX handler that lacks authentication checks, presenting a significant risk of unauthorized execution of actions. Additionally, while the REST API routes are secured with permission callbacks, the presence of an unprotected AJAX endpoint is a direct pathway for potential exploitation. The lack of nonce checks on this AJAX handler further exacerbates the risk, making it susceptible to Cross-Site Request Forgery (CSRF) attacks.

In conclusion, while the plugin has strengths in data handling and a clean vulnerability history, the unprotected AJAX endpoint represents a critical weakness that needs immediate attention. The absence of capability checks and nonce validation on this entry point significantly increases the overall risk profile despite other positive security indicators.

Key Concerns

Unprotected AJAX handler
Missing nonce checks on AJAX
Missing capability checks
16 total outputs, 81% properly escaped (19% potentially unescaped)

Vulnerabilities

None known

Divi Gravity Forms (WP Tools) Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Divi Gravity Forms (WP Tools) Release Timeline

v9.1.0Current

v9.0.0

v8.5.4

v8.5.3

v8.5.2

v8.5.1

v8.5.0

v8.4.0

v8.3.0

v8.2.0

v8.1.2

v8.1.1

v8.0.0

v7.1.1

v7.1.0

v7.0.2

v7.0.0

v6.7.2

v6.7.1

v6.7.0

Code Analysis

Analyzed Mar 16, 2026

Divi Gravity Forms (WP Tools) Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

13 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Freemius

Output Escaping

81% escaped16 total outputs

Attack Surface

1 unprotected

Divi Gravity Forms (WP Tools) Attack Surface

Entry Points2

Unprotected1

AJAX Handlers 1

authwp_ajax_wpt_divi_gf_default_theme_check_noticesrc\Loader.php:68

REST API Routes 1

GET/wp-json/wpt_divi_gf/v1/gravityforms/src\Loader.php:100

WordPress Hooks 18

actiondivi_visual_builder_assets_before_enqueue_scriptsdivi-5\divi-5.php:36

actioninitdivi-5\divi-5.php:37

actioninitsrc\Divi5\Modules\GravityFormModule\GravityFormModule.php:39

actiondivi_module_library_modules_dependency_treesrc\Divi5\Modules\Modules.php:16

actioninitsrc\Loader.php:61

actionet_builder_readysrc\Loader.php:63

actiondivi_extensions_initsrc\Loader.php:64

actionwp_enqueue_scriptssrc\Loader.php:65

actionadmin_noticessrc\Loader.php:66

actionadmin_enqueue_scriptssrc\Loader.php:67

actionadmin_menusrc\Loader.php:70

actionwp_print_stylessrc\Loader.php:83

filteret_builder_get_module_slugs_by_post_typesrc\Loader.php:87

actionrest_api_initsrc\Loader.php:99

actioninitsrc\Loader.php:111

filterdivi.conversion.moduleLibrary.conversionMapsrc\Loader.php:119

actionafter_license_changesrc\Loader.php:120

filtershow_first_trial_after_n_secwp-tools-gravity-forms-divi-module.php:16

Maintenance & Trust

Divi Gravity Forms (WP Tools) Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 29, 2025

PHP min version7.2.5

Downloads74K

Community Trust

Rating100/100

Number of ratings8

Active installs2K

Alternatives

Divi Gravity Forms (WP Tools) Alternatives

Module for Gravity Forms in Divi Builder

module-for-gravity-forms-in-divi-builder

Module for Gravity Forms in Divi Builder.

10 No CVEs

Surbma | Divi & Gravity Forms

surbma-divi-gravity-forms

100

Responsive Divi form styles for Gravity Forms.

9K No CVEs

Divi Styling Add-On for Gravity Forms

gf-divi

Have your Gravity Forms look just like the rest of Divi

700 No CVEs

GravityExport Lite for Gravity Forms

gf-entries-in-excel

100

Export all Gravity Forms entries to Excel (.xlsx) or CSV via a download button or a secret shareable URL.

10K No CVEs

Multiple Columns for Gravity Forms

gf-form-multicolumn

Introduces new form elements into Gravity Forms which allow for simple column creation.

10K No CVEs

Developer Profile

Divi Gravity Forms (WP Tools) Developer Profile

wptools

16 plugins · 6K total installs

trust score

Avg Security Score

95/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Divi Gravity Forms (WP Tools)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-tools-gravity-forms-divi-module/divi-5/visual-builder/styles/bundle.css/wp-content/plugins/wp-tools-gravity-forms-divi-module/divi-5/visual-builder/build/d5-divi-gravity-form.js

Script Paths

/wp-content/plugins/wp-tools-gravity-forms-divi-module/divi-5/visual-builder/build/d5-divi-gravity-form.js

Version Parameters

wp-tools-gravity-forms-divi-module/divi-5/visual-builder/styles/bundle.css?ver=

HTML / DOM Fingerprints

JS Globals

window._xP9zQfA1

FAQ