|
|
|
|
|
|
by anthonyeden
335 days ago
|
|
|
The official Gravity Forms post [0] indicates you were only compromised if you installed Gravity Forms via direct website download or Composer install. From what I can see, Composer install methods use the same Gravity Forms API to fetch the install package as the auto-update feature within the plugin. Their WP-CLI plugin uses the same mechanism too. It will be interesting to see if the Gravity Forms developers engage a third party security firm to investigate this incident. So far they have not mentioned it. [0] https://www.gravityforms.com/blog/security-incident-notice/ |
|
|