Note: this article is not intended for security researchers. If you’re a researcher, see information for security researchers.
We take security issues very seriously and want to ensure that you always feel safe when using Gravity Forms. Here are a few steps you should take if you believe you have a security issue with Gravity Forms.
Steps to take before reporting
Ensure Gravity Forms is fully updated to the latest version
First, be sure that you have the latest version of Gravity Forms. You may be running an older version, and we may have already patched the issue in a newer version. We strive to keep newer versions compatible with any existing implementation you have, so you should see minimal, if any, issues with updates.
Ensure all Gravity Forms add-ons are updated
Whether you are using official or third-party add-ons, be sure that they are all fully updated. Just as keeping Gravity Forms updated is important to your site’s health, keeping your add-ons up to date is just as important.
Submitting a security report
If you have confirmed that the security issue is current, please let us know as soon as possible.
- First, gather as much information as possible. This includes what has been affected and the potential exploit. Providing thorough information will help us release a patch much more quickly.
- Send an email to [email protected] promptly after gathering your information. We have individuals in various locations around the world who can review your concern quickly.
- We will confirm receipt of your security concern as quickly as possible.