A Gravity Forms security vulnerability has been reported. If you are using Gravity Forms, update immediately to the latest version, 1.8.20. The security flaw in older versions allows anyone to upload any type of file to the server. While WordPress has mechanisms in place to prevent the upload of certain types of files, this flaw allows a malicious visitor to bypass those mechanisms and upload any type of file they choose.
How To Check Your Version of Gravity Forms
When you log in to your WordPress dashboard, click the Plugins link and look at the list of plugins installed on your site. If you have Gravity Forms, it will very likely show that an update is available. The version number you have installed appears in the description of the plugin. If that version is lower than 1.8.20, update immediately.
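If you look after several sites, the same check can be scripted. The following is an added example, not part of the original post or of Gravity Forms itself: it reads the "Version:" line from the plugin header and compares it numerically with 1.8.20, because a plain text comparison would wrongly rank 1.8.3 above 1.8.20. It assumes the plugin sits in the default wp-content/plugins/gravityforms/gravityforms.php location; the function names and the sample header are constructed for illustration.

```python
import re
import sys
from pathlib import Path

FIXED = "1.8.20"  # fixed release named in the post
# Assumed default install location of the plugin's main file.
PLUGIN_FILE = "wp-content/plugins/gravityforms/gravityforms.php"

# Constructed sample of a WordPress plugin header, for illustration only.
SAMPLE_HEADER = """<?php
/*
Plugin Name: Gravity Forms
Version: 1.8.3
*/
"""

def header_version(php_source):
    """Return the dotted 'Version:' value from a plugin header, or None."""
    m = re.search(r"^[ \t/*#@]*Version:[ \t]*(\d+(?:\.\d+)*)", php_source, re.M | re.I)
    return m.group(1) if m else None

def as_tuple(version):
    """'1.8.3' -> (1, 8, 3), so that 1.8.3 sorts below 1.8.20."""
    return tuple(int(part) for part in version.split("."))

def needs_update(version, fixed=FIXED):
    """True when version is numerically lower than the fixed release."""
    a, b = as_tuple(version), as_tuple(fixed)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b

def scan(web_root):
    """Return (path, version, needs_update) for each Gravity Forms copy found."""
    results = []
    for path in sorted(Path(web_root).rglob(PLUGIN_FILE)):
        version = header_version(path.read_text(errors="replace")[:8192])
        # An unreadable version is flagged so that it gets checked by hand.
        results.append((str(path), version, version is None or needs_update(version)))
    return results

if __name__ == "__main__":
    print(header_version(SAMPLE_HEADER), needs_update(header_version(SAMPLE_HEADER)))
    for path, version, stale in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("UPDATE" if stale else "ok    ", version, path)
```

Run it with the directory that holds your sites as the only argument; every line marked UPDATE is a copy that is older than 1.8.20 or whose version could not be read.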
How To Update Gravity Forms
If you have an active license for Gravity Forms, you can update via your WordPress dashboard, or download the update from your Gravity Forms account and update manually.
If you do not have an active license, you will need to purchase one or find an alternative form builder plugin. Depending on what you’re using Gravity Forms for, one may make more sense than the other.
For example, one of my clients was using Gravity Forms for his contact form and nothing else. In that case, buying a license made no sense, especially since it has to be renewed every year. We replaced his old version of Gravity Forms with Formidable Pro, for which I have a developer license.
As always, be careful out there!
Laptop image courtesy of Stuart Miles at FreeDigitalPhotos.net