Gravity Forms Plugin Security Breach Alert

I just noticed a recent announcement on Gravity Forms’ official website about a security incident. They’ve alerted users that certain versions of their plugin were affected.

If you downloaded either version 2.9.11.1 or 2.9.12 from their site on specific days in July, your copy might be compromised. Here are the conditions they mentioned that might indicate a problem:

  • Manual download of version 2.9.11.1 on July 9th or 10th through your account downloads page.
  • Manual download of version 2.9.12 on July 10th.
  • Using Composer to install version 2.9.11.1 during those dates.

Fortunately, this seems to involve only users who downloaded directly from their website during that brief period. They’ve also shared additional steps to check if your site has been affected and actions to take if it has.

Has anyone come across this notice? I’m curious if I should be concerned since I updated around that time but I can’t recall the exact date.

Take this seriously. I dealt with something similar last year with a different plugin and learned that even short security windows can mess you up badly. Don’t panic, just work through it step by step. Check your WordPress admin logs and recent plugin activity to see what version you’ve got installed. If you’re running either affected version, assume you’re compromised - doesn’t matter when you think you downloaded it. Update to the latest clean version right away, then run a full security scan with Wordfence or Sucuri. Check your file integrity and look for any sketchy admin users that might’ve been created. It’s good that Gravity Forms was upfront about this, but don’t let that stop you from following their cleanup steps.
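For the "what version have I got installed" step in the reply, here is a small check I'd run on the server. This is an added example, not code from the thread or from Gravity Forms: it reads the standard WordPress "Version:" header from the plugin's main file and reports whether it is one of the two versions named in the notice. The plugin path in the comment is an assumption (the default install location), and the sample header is constructed. Being on one of these versions is not proof of a bad copy (the notice ties it to downloads on specific days), and a clean version number is not proof of a good one, so treat the result as a prompt to follow the vendor's own indicators and cleanup steps.

```shell
#!/bin/sh
# Added example (not from the original thread or from Gravity Forms):
# read the installed Gravity Forms version from the plugin's main file
# and report whether it is one of the two versions named in the notice.
# The affected-version list is copied from the post above.

AFFECTED_VERSIONS="2.9.11.1 2.9.12"

# Print the "Version:" header value from a plugin's main PHP file.
# WordPress plugin headers look like " * Version: 2.9.12"; the first
# match wins, and only the numeric part is printed.
gf_version_from_file() {
    sed -n 's/^[[:space:]*]*Version:[[:space:]]*\([0-9][0-9.]*\).*/\1/p' "$1" | head -n 1
}

# Print "yes" if the version is in the affected list, "no" otherwise.
is_affected_version() {
    for v in $AFFECTED_VERSIONS; do
        if [ "$1" = "$v" ]; then
            echo yes
            return 0
        fi
    done
    echo no
    return 0
}

# Demo on a constructed sample header (not a real plugin file).
tmp_plugin="$(mktemp)"
cat > "$tmp_plugin" <<'EOF'
<?php
/**
 * Plugin Name: Gravity Forms
 * Version: 2.9.12
 */
EOF
ver="$(gf_version_from_file "$tmp_plugin")"
echo "installed version: $ver, in affected list: $(is_affected_version "$ver")"
rm -f "$tmp_plugin"

# On a real site (assumed default path), point it at the plugin's main file.
# The directory listing shows when the files landed, which is only a hint at
# the download date the original poster can't recall, not proof of anything:
#   f=wp-content/plugins/gravityforms/gravityforms.php
#   echo "affected: $(is_affected_version "$(gf_version_from_file "$f")")"
#   ls -ld "$(dirname "$f")"
```

If the version matches, that is the point to go to the vendor's published indicators and cleanup steps rather than to stop here; the script only tells you whether the notice applies to your install at all.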