Does Gravity Forms YMLP Add-on have any unpatched vulnerabilities?

No. All known vulnerabilities in Gravity Forms YMLP Add-on have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Gravity Forms YMLP Add-on compatible with WordPress 4.2.39?

According to WordPress.org data, Gravity Forms YMLP Add-on 1.0.2 has been tested up to WordPress 4.2.39. Check the plugin's changelog for the latest compatibility information.

How often is Gravity Forms YMLP Add-on updated?

Gravity Forms YMLP Add-on was last updated on Apr 20, 2015. Frequent updates are generally a positive security signal.

What is Gravity Forms YMLP Add-on's security score?

Gravity Forms YMLP Add-on has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Gravity Forms YMLP Add-on Security & Risk Analysis

wordpress.org/plugins/ymlp

Integrate the Gravity Forms contact form plugin with YMLP, a newsletter mailing list solution.

40 active installs v1.0.2 PHP + WP 2.8+ Updated Apr 20, 2015

formformsgravitygravity-formgravity-forms

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Gravity Forms YMLP Add-on Safe to Use in 2026?

Generally Safe

Score 85/100

Gravity Forms YMLP Add-on has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10yr ago

Risk Assessment

The "ymlp" plugin v1.0.2 presents a mixed security posture. On the positive side, it has a small attack surface with no publicly exposed REST API routes or shortcodes, and all identified AJAX handlers have authentication checks. The plugin also demonstrates good practices by using prepared statements for the vast majority of its SQL queries and implementing nonce and capability checks for its entry points. However, the presence of the `unserialize` function is a significant concern, as it can lead to object injection vulnerabilities if not handled with extreme care and validated input. Furthermore, the low percentage of properly escaped output (33%) indicates a substantial risk of cross-site scripting (XSS) vulnerabilities, as user-supplied data might be rendered directly in the browser without proper sanitization. The lack of any recorded vulnerabilities in its history is a positive indicator, suggesting either diligent development or a lack of public discovery, but it does not negate the inherent risks identified in the static analysis.

Key Concerns

Dangerous function unserialize found
Low percentage of output properly escaped
Flow with unsanitized paths found

Vulnerabilities

None known

Gravity Forms YMLP Add-on Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Gravity Forms YMLP Add-on Code Analysis

Dangerous Functions

Raw SQL Queries

8 prepared

Unescaped Output

19 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$serial = unserialize($response);api\YMLP_API.class.php:91

SQL Query Safety

89% prepared9 total queries

Output Escaping

33% escaped58 total outputs

Data Flows

1 unsanitized

Data Flow Analysis

3 flows1 with unsanitized paths

edit_page (ymlp.php:516)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Gravity Forms YMLP Add-on Attack Surface

Entry Points2

Unprotected0

AJAX Handlers 2

authwp_ajax_rg_update_feed_activeymlp.php:110

authwp_ajax_gf_select_ymlp_formymlp.php:111

WordPress Hooks 8

actioninitymlp.php:28

actionadmin_noticesymlp.php:48

filterplugin_action_linksymlp.php:60

filtertransient_update_pluginsymlp.php:72

filtermembers_get_capabilitiesymlp.php:83

filtergform_addon_navigationymlp.php:86

filtergform_tooltipsymlp.php:99

actiongform_post_submissionymlp.php:116

Maintenance & Trust

Gravity Forms YMLP Add-on Maintenance & Trust

Maintenance Signals

WordPress version tested4.2.39

Last updatedApr 20, 2015

PHP min version

Downloads4K

Community Trust

Rating0/100

Number of ratings0

Active installs40

Alternatives

Gravity Forms YMLP Add-on Alternatives

Gravity Forms Zero Spam

gravity-forms-zero-spam

100

Enhance your Gravity Forms to include anti-spam measures originally based on the work of David Walsh's "Zero Spam" technique.

100K No CVEs

Gravity Booster – Styles & Layouts for Gravity Forms

styles-and-layouts-for-gravity-forms

100

Gravity Booster - Styles and Layouts for Gravity Forms plugin lets you design and style Gravity Forms without CSS coding. You can also use it for addi …

40K No CVEs

Advanced Custom Fields: Gravity Forms Add-on

acf-gravityforms-add-on

100

Provides an Advanced Custom Field which allows a WordPress user to select a Gravity Form as part of a field group configuration.

30K No CVEs

Event Tracking for Gravity Forms

gravity-forms-google-analytics-event-tracking

Easily add event tracking using Gravity Forms and your Google Analytics or Google Tag Manager account. Supports Google Analytics v3 and Gravity Forms …

20K No CVEs

Gravity PDF

gravity-forms-pdf-extended

100

Automatically generate, email and download PDF documents from Gravity Forms entries

20K 1 CVE

Developer Profile

Gravity Forms YMLP Add-on Developer Profile

Zack Katz

23 plugins · 14K total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Gravity Forms YMLP Add-on

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/gravity-forms-ymlp/images/ymlp_wordpress_icon_32.png

Script Paths

/wp-content/plugins/gravity-forms-ymlp/js/ymlp.js/wp-content/plugins/gravity-forms-ymlp/js/settings.js

HTML / DOM Fingerprints

CSS Classes

gform_ymlp_feed_list

HTML Comments

Data Attributes

data-input-iddata-feed-id

JS Globals

ymlp_gf_validationymlp_gf_settings

FAQ