Hi, I am not sure if this is a false-positive or not. But, when I run Websecurify against my WP server, it reports that my Gravity Forms are vulnerable to an SQL injection attack.
This could be a problem with Websecurify, or a vulnerability in Gravity Forms. In any event, I thought you should know.
We will certainly look into it, although we would need more to go on than just some web security app said there is a vulnerability. We will try out websecurify and see if it says anything specific.
We aren't aware of any SQL injection vulnerabilities, and have security checks in place to insure that injection doesn't take place via submitted form data.
But we will certainly look into it and see if there is something that needs to be patched.
I adjusted the title of forum post, until we investigate what Websecurify is reporting there is no need to scare anyone into thinking there is a problem.
ok thanks.
I actually ran one of my test sites through Websecurity and it didn't return any SQL injection vulnerabilities. It did return some vulnerability warnings, however it returned those warnings for ALL forms on my test site... including WordPress related forms (search, comments, etc.) because ALL forms are an "in" for security attacks. That doesn't mean it's vulnerable, it just means that it is possible because it is a form.
