GravityForms 2.9.11.1 / 2.9.12 - Malware Compromise
Description
For a limited time, and only through specific distribution channels, two Gravity Forms core plugin packages offered for manual download were compromised by an external party who made unauthorized modifications to the plugin code.
The affected packages were Gravity Forms 2.9.11.1 and 2.9.12. Only a limited number of the packages distributed for those versions carried the malicious modifications, and they were available only during a limited compromise window.
You may have a compromised version if you installed a Gravity Forms core package under the following conditions:
- You manually downloaded 2.9.11.1 on July 9 or 10 via your Gravity Forms account downloads page.
- You manually downloaded 2.9.12 on July 10.
- You installed 2.9.11.1 via composer install on the dates above.
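The conditions above combine a version check with a download-date window. The following script, added here as an example and not part of the advisory or of Gravity Forms itself, reads the Version field from a WordPress plugin header, tests it against the two versions named above, and flags installs whose main plugin file was written inside the July 9-10 window. Assumptions not stated on the page: the main plugin file is assumed to be gravityforms.php inside the plugin directory, the year 2025 is taken from the advisory's timeline, and the window is treated as UTC.

```python
"""Triage helper for the Gravity Forms 2.9.11.1 / 2.9.12 compromised-package advisory.

Example code added alongside the advisory; not the advisory's or Gravity Forms' own code.
"""
import re
from datetime import datetime, timezone
from pathlib import Path
from typing import Optional

# Versions named in the advisory.
AFFECTED_VERSIONS = {"2.9.11.1", "2.9.12"}

# Download window named in the advisory (July 9-10). The year is taken from the
# advisory's timeline; the UTC zone is an assumption, the page gives none.
WINDOW_START = datetime(2025, 7, 9, tzinfo=timezone.utc)
WINDOW_END = datetime(2025, 7, 11, tzinfo=timezone.utc)  # exclusive


def parse_plugin_version(header_text: str) -> Optional[str]:
    """Extract the 'Version:' field from a WordPress plugin file header comment."""
    m = re.search(r"^\s*\*?\s*Version:\s*(\S+)", header_text, re.MULTILINE)
    return m.group(1) if m else None


def is_affected_version(version: Optional[str]) -> bool:
    """True if the version string is one of the two versions the advisory names."""
    return version in AFFECTED_VERSIONS


def installed_in_window(mtime: datetime) -> bool:
    """True if a timestamp falls inside the advisory's download window."""
    return WINDOW_START <= mtime < WINDOW_END


def assess(header_text: str, mtime: datetime) -> dict:
    """Combine the version and date conditions into a triage verdict.

    'review'              both conditions match: inspect the package, reinstall from a clean source
    'check-download-date' affected version, but the file timestamp is outside the window;
                          confirm the real download date (mtime is only a proxy)
    'not-in-scope'        version is not one named in the advisory
    """
    version = parse_plugin_version(header_text)
    version_hit = is_affected_version(version)
    window_hit = installed_in_window(mtime)
    if version_hit and window_hit:
        verdict = "review"
    elif version_hit:
        verdict = "check-download-date"
    else:
        verdict = "not-in-scope"
    return {"version": version, "version_hit": version_hit,
            "window_hit": window_hit, "verdict": verdict}


def assess_install(plugin_dir: str) -> dict:
    """Run assess() against an installed plugin directory (main file name is an assumption)."""
    main = Path(plugin_dir) / "gravityforms.php"
    header = main.read_text(encoding="utf-8", errors="replace")[:4096]
    mtime = datetime.fromtimestamp(main.stat().st_mtime, tz=timezone.utc)
    return assess(header, mtime)


# Constructed sample header for offline use; not a file taken from the advisory.
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: Gravity Forms
 * Version: 2.9.12
 */
"""

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print(assess_install(sys.argv[1]))
    else:
        print(assess(SAMPLE_HEADER, datetime(2025, 7, 10, 15, 0, tzinfo=timezone.utc)))
```

Run it as `python triage.py wp-content/plugins/gravityforms` to check a live install, or with no argument to see the constructed sample evaluated. The file modification time is only a rough proxy for the download date (it records when the archive was extracted, and a later rsync or backup restore can rewrite it), so a "check-download-date" verdict is a prompt to consult the account download history, not a clean bill. The advisory publishes no checksums, so this script cannot verify package integrity; reinstalling the plugin from a clean, current package is the definitive step for any "review" result.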
Affects Plugins
References
Miscellaneous
Verified: Yes
WPVDB ID
Timeline
Publicly Published: 2025-07-11
Added: 2025-07-14
Last Updated: 2025-07-14