Critical Security Alert: Gravity Forms Plugin Supply Chain Attack

2025-07-12
Security researchers have uncovered a supply chain attack targeting the Gravity Forms WordPress plugin, with malicious code embedded in version 2.9.12. The attackers used backdoor functions, `update_entry_detail` and `list_sections`, to steal website information, create administrator accounts, and execute arbitrary code. The malicious code has been removed from the official download, and version 2.9.13 has been released. All Gravity Forms users are urged to update immediately and check their servers for malicious files and network requests.
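
One way to start the server check described above, as an added example that is not code from the original alert or from the Gravity Forms project: it walks a plugin directory, reports the version declared in the plugin header, and flags every PHP line that references either of the two function names the alert lists. The sample tree, its file names and PHP bodies are constructed for the demonstration, and a hit is only a lead for manual review, not proof of compromise.

```python
import re
import tempfile
from pathlib import Path

# Indicators taken from the alert: backdoor function names and the affected version.
BACKDOOR_FUNCS = ("update_entry_detail", "list_sections")
AFFECTED_VERSION = "2.9.12"

FUNC_RE = re.compile(r"\b(" + "|".join(BACKDOOR_FUNCS) + r")\s*\(")
# WordPress plugin headers carry a "Version: x.y.z" line inside a comment block.
VERSION_RE = re.compile(r"^[ \t/*#]*Version:\s*([0-9][\w.\-]*)", re.M)

def scan_plugin(plugin_dir):
    """Return (versions, hits); hits are (relative path, line number, function name)."""
    root, versions, hits = Path(plugin_dir), set(), []
    for path in sorted(root.rglob("*.php")):
        text = path.read_text(encoding="utf-8", errors="replace")
        head = text[:8192]  # plugin headers sit at the top of the file
        if "Plugin Name:" in head:
            versions.update(VERSION_RE.findall(head))
        for lineno, line in enumerate(text.splitlines(), 1):
            for m in FUNC_RE.finditer(line):
                hits.append((path.relative_to(root).as_posix(), lineno, m.group(1)))
    return sorted(versions), hits

def needs_review(plugin_dir):
    """True if the tree declares the affected version or references either function."""
    versions, hits = scan_plugin(plugin_dir)
    return AFFECTED_VERSION in versions or bool(hits)

def build_sample(root, version, with_backdoor):
    """Write a constructed plugin tree (file names and PHP bodies are made up)."""
    root = Path(root)
    (root / "includes").mkdir(parents=True, exist_ok=True)
    (root / "sample-plugin.php").write_text(
        "<?php\n/**\n * Plugin Name: Sample Forms\n * Version: %s\n */\n" % version)
    body = "<?php\nfunction render_form() { return ''; }\n"
    if with_backdoor:
        body += "function update_entry_detail() {}\nfunction list_sections ( $d ) {}\n"
    (root / "includes" / "helpers.php").write_text(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp, AFFECTED_VERSION, with_backdoor=True)
        versions, hits = scan_plugin(tmp)
        print("declared versions:", versions)
        for rel, lineno, name in hits:
            print("%s:%d references %s()" % (rel, lineno, name))
```

Point `scan_plugin` at the installed plugin directory on the server; a clean result on disk does not cover accounts or files the backdoor may already have created, which still need a separate check.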
