
Websecurify

  1. Hi, I am not sure if this is a false-positive or not. But, when I run Websecurify against my WP server, it reports that my Gravity Forms are vulnerable to an SQL injection attack.

    http://www.websecurify.com/

    This could be a problem with Websecurify, or a vulnerability in Gravity Forms. In any event, I thought you should know.

    Posted 9 years ago on Sunday March 28, 2010
  2. We will certainly look into it, although we would need more to go on than just some web security app said there is a vulnerability. We will try out Websecurify and see if it says anything specific.

    We aren't aware of any SQL injection vulnerabilities, and have security checks in place to ensure that injection doesn't take place via submitted form data.

    But we will certainly look into it and see if there is something that needs to be patched.

    I adjusted the title of the forum post; until we investigate what Websecurify is reporting, there is no need to scare anyone into thinking there is a problem.

    Posted 9 years ago on Sunday March 28, 2010
  3. OK, thanks.

    Posted 9 years ago on Friday April 2, 2010
  4. I actually ran one of my test sites through Websecurify and it didn't return any SQL injection vulnerabilities. It did return some vulnerability warnings; however, it returned those warnings for ALL forms on my test site... including WordPress related forms (search, comments, etc.) because ALL forms are an "in" for security attacks. That doesn't mean it's vulnerable; it just means that it is possible because it is a form.

    Posted 9 years ago on Friday April 2, 2010