https://legacy.forums.gravityhelp.com/topic/websecurify-reports-sql-injection-vulnerability Gravity Support Forums Topic: Websecurify en-US Sun, 19 Apr 2026 21:42:00 +0000 http://bbpress.org/?v=1.0.1 q https://legacy.forums.gravityhelp.com/search.php https://legacy.forums.gravityhelp.com/topic/websecurify-reports-sql-injection-vulnerability#post-4424 Fri, 02 Apr 2010 10:44:07 +0000 Carl Hancock 4424@https://legacy.forums.gravityhelp.com/ <p>I actually ran one of my test sites through Websecurity and it didn't return any SQL injection vulnerabilities. It did return some vulnerability warnings, however it returned those warnings for ALL forms on my test site... including WordPress related forms (search, comments, etc.) because ALL forms are an "in" for security attacks. That doesn't mean it's vulnerable, it just means that it is possible because it is a form. </p> https://legacy.forums.gravityhelp.com/topic/websecurify-reports-sql-injection-vulnerability#post-4420 Thu, 01 Apr 2010 20:14:04 +0000 Wheaton College 4420@https://legacy.forums.gravityhelp.com/ <p>ok thanks. </p> https://legacy.forums.gravityhelp.com/topic/websecurify-reports-sql-injection-vulnerability#post-4317 Sun, 28 Mar 2010 18:57:28 +0000 Carl Hancock 4317@https://legacy.forums.gravityhelp.com/ <p>We will certainly look into it, although we would need more to go on than just some web security app said there is a vulnerability. We will try out websecurify and see if it says anything specific.</p> <p>We aren't aware of any SQL injection vulnerabilities, and have security checks in place to insure that injection doesn't take place via submitted form data. </p> <p>But we will certainly look into it and see if there is something that needs to be patched.</p> <p>I adjusted the title of forum post, until we investigate what Websecurify is reporting there is no need to scare anyone into thinking there is a problem. </p> https://legacy.forums.gravityhelp.com/topic/websecurify-reports-sql-injection-vulnerability#post-4314 Sun, 28 Mar 2010 16:30:34 +0000 Wheaton College 4314@https://legacy.forums.gravityhelp.com/ <p>Hi, I am not sure if this is a false-positive or not. But, when I run Websecurify against my WP server, it reports that my Gravity Forms are vulnerable to an SQL injection attack.</p> <p><a href="http://www.websecurify.com/" rel="nofollow">http://www.websecurify.com/</a></p> <p>This could be a problem with Websecurify, or a vulnerability in Gravity Forms. In any event, I thought you should know. </p>