Mastodawn

Ross McKay Jul 19

GF Eway Pro v1.20.0

• fixed: prevent double-handling of Responsive Shared Page transaction with 3D Secure

https://shop.webaware.com.au/gf-eway-pro-v1-20-0/

#WordPress #GravityForms #Eway

jbz Jul 15

🚨 Malware Found in Official GravityForms Plugin Indicating Supply Chain Breach - Patchstack

https://patchstack.com/articles/critical-malware-found-in-gravityforms-official-plugin-site/

#gravityforms #supplychainattack #malware #wordpress

Malware Found in Official GravityForms Plugin Indicating Supply Chain Breach - Patchstack

Update 7-11-2025 14:10 UTC: A version 2.9.13 has been released to ensure customers can safely update to a new version without a backdoor present. In addition, Namecheap (the domain registrar) has suspended the domain name gravityapi.org to avoid successful exploitation of the backdoor portion that connects to this domain name. Update 7-11-2025 12:38 UTC: We […]

Patchstack

Marcel SIneM(S)US Jul 15

#GravityForms: #WordPressPlugin in #SupplyChain-Attacke infiziert | Security https://www.heise.de/news/GravityForms-WordPress-Plug-in-in-Supply-Chain-Attacke-infiziert-10486326.html #Patchday #WordPress #CMS #ContentManagementSystem

GravityForms: WordPress-Plug-in in Supply-Chain-Attacke infiziert

IT-Forscher haben auf der Webseite des millionenfach genutzten WordPress-Plug-ins GravityForms eine infizierte Version entdeckt.

heise online

GripNews Jul 13

🌕 GravityForms 官方插件遭植入惡意程式碼，供應鏈安全漏洞曝光
➤ 供應鏈攻擊風險再升級，GravityForms 插件成受害者
✤ https://patchstack.com/articles/critical-malware-found-in-gravityforms-official-plugin-site/
安全研究人員發現 GravityForms 官方插件遭植入惡意程式碼，顯示供應鏈遭到入侵。此惡意程式碼透過 `update_entry_detail` 函數向 `gravityapi.org` 發送網站資訊，並可能在網站上寫入惡意檔案。GravityForms 已發布 2.9.13 版本修補此漏洞，Namecheap 也已暫停 `gravityapi.org` 域名。初步調查顯示受影響範圍可能有限，但 Patchstack 團隊正在持續監控情況。
+ 「這太可怕了！我正在使用 GravityForms，必須立刻更新。這也讓我開始擔心其他插件的安全性。」
+ 「Patchstack
#安全漏洞 #WordPress #GravityForms #供應鏈攻擊

Malware Found in Official GravityForms Plugin Indicating Supply Chain Breach - Patchstack

Update 7-11-2025 14:10 UTC: A version 2.9.13 has been released to ensure customers can safely update to a new version without a backdoor present. In addition, Namecheap (the domain registrar) has suspended the domain name gravityapi.org to avoid successful exploitation of the backdoor portion that connects to this domain name. Update 7-11-2025 12:38 UTC: We […]

Patchstack

Hacker News Jul 12

Malware Found in Official GravityForms Plugin Indicating Supply Chain Breach

https://patchstack.com/articles/critical-malware-found-in-gravityforms-official-plugin-site/

#HackerNews #Malware #SupplyChain #GravityForms #Security #Breach #CyberThreats

Malware Found in Official GravityForms Plugin Indicating Supply Chain Breach - Patchstack

Update 7-11-2025 14:10 UTC: A version 2.9.13 has been released to ensure customers can safely update to a new version without a backdoor present. In addition, Namecheap (the domain registrar) has suspended the domain name gravityapi.org to avoid successful exploitation of the backdoor portion that connects to this domain name. Update 7-11-2025 12:38 UTC: We […]

Patchstack

The New Oil Jul 12

#WordPress #GravityForms developer hacked to push backdoored plugins

https://www.bleepingcomputer.com/news/security/wordpress-gravity-forms-developer-hacked-to-push-backdoored-plugins/

#cybersecurity

WordPress Gravity Forms developer hacked to push backdoored plugins

The popular WordPress plugin Gravity Forms has been compromised in what seems a supply-chain attack where manual installers from the official website were infected with a backdoor.

BleepingComputer

Show thread

Ross McKay Jul 12

@futtta Gravity Forms malware confirmed by Gravity Forms:

https://www.gravityforms.com/blog/security-incident-notice/

#WordPress #GravityForms

SECURITY INCIDENT NOTICE: Gravity Forms 2.9.11.1, 2.9.12 Malware Compromise Notice

Security Incident Notice: Please review this article for full details on a recent security issue affecting Gravity Forms.

Gravity Forms

ManiabelChris Jul 11

Der manuelle Download des WordPress-Plugins GravityForms war zwischen dem 10. und 11. Juli 2025 mit Malware verseucht, berichtet
https://patchstack.com/articles/critical-malware-found-in-gravityforms-official-plugin-site/
#wordpress #malware #gravityforms #infosec

Malware Found in Official GravityForms Plugin Indicating Supply Chain Breach - Patchstack

Update 7-11-2025 14:10 UTC: A version 2.9.13 has been released to ensure customers can safely update to a new version without a backdoor present. In addition, Namecheap (the domain registrar) has suspended the domain name gravityapi.org to avoid successful exploitation of the backdoor portion that connects to this domain name. Update 7-11-2025 12:38 UTC: We […]

Patchstack

frank goossens 🇧🇪🇪🇺Jul 11

Gravityforms victim of supply chain attack?

https://patchstack.com/articles/critical-malware-found-in-gravityforms-official-plugin-site/

#wordpress #gravityforms #vulnerability

Malware Found in Official GravityForms Plugin Indicating Supply Chain Breach - Patchstack

Update 7-11-2025 14:10 UTC: A version 2.9.13 has been released to ensure customers can safely update to a new version without a backdoor present. In addition, Namecheap (the domain registrar) has suspended the domain name gravityapi.org to avoid successful exploitation of the backdoor portion that connects to this domain name. Update 7-11-2025 12:38 UTC: We […]

Patchstack

Liam Dempsey Jun 18

I'm grateful to @mattmedeiros and #GravityForms for the opportunity to chat #WordPress, #clients, #agency work, and more.

Give it a listen. Let me know what you think of it.

https://breakdown.transistor.fm/episodes/how-liam-dempsey-powers-agency-projects-with-gravity-forms