https://legacy.forums.gravityhelp.com/topic/pci-vulnerability-scanners-auto-filling-submitting-forms Gravity Support Forums Topic: PCI Vulnerability Scanners Auto-Filling / Submitting Forms en-US Mon, 20 Apr 2026 13:40:53 +0000 http://bbpress.org/?v=1.0.1 q https://legacy.forums.gravityhelp.com/search.php https://legacy.forums.gravityhelp.com/topic/pci-vulnerability-scanners-auto-filling-submitting-forms#post-146613 Wed, 13 Feb 2013 13:14:33 +0000 Alex Cancado 146613@https://legacy.forums.gravityhelp.com/ <p>I am tracking down this issue.</p> <p>Any chance you could take a look at your web server logs and find that exact request (form submission) made by the PCI vulnerability scanner. I need to replicate this issue locally and getting a hands on that request would be very helpful. </p> https://legacy.forums.gravityhelp.com/topic/pci-vulnerability-scanners-auto-filling-submitting-forms#post-146532 Wed, 13 Feb 2013 08:28:22 +0000 Chris Hajer 146532@https://legacy.forums.gravityhelp.com/ <p>I'll ask the development team about this one.</p> <p>For reference, related:<br /> <a href="http://www.gravityhelp.com/forums/topic/form-fields-are-populated-with-0s-zero" rel="nofollow">http://www.gravityhelp.com/forums/topic/form-fields-are-populated-with-0s-zero</a> </p> https://legacy.forums.gravityhelp.com/topic/pci-vulnerability-scanners-auto-filling-submitting-forms#post-146159 Tue, 12 Feb 2013 03:10:00 +0000 TSCADFX 146159@https://legacy.forums.gravityhelp.com/ <p>This has been discussed a couple times throughout the forum and there's never been a clear answer. </p> <p>Some PCI vulnerability scanners can populate and submit forms even when phone number and email fields exist that error out on web-based submissions. Somehow these scanners, which scan for vulnerabilities in many things such as web based forms, are able to submit these forms without triggering the errors. This essentially confirms that there's a vulnerability because the form is able to be submitted without meeting the necessary requirements. </p> <p>As many have mentioned the forms are typically submitted on average of 8 times per day, per form, and are filled with 0's. The IP addresses do confirm that the forms are being filled by the scanners. This appears to happen on both encrypted and non-encrypted pages as well as on stock WP and custom themed / with addons. </p> <p>Installation Status<br /> PHP Version 5.3.3<br /> MySQL Version 5.1.67<br /> WordPress Version 3.5.1<br /> Gravity Forms Version 1.6.12 </p>