CVE-2026-5113 Gravity Forms <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting via Consent Field Hidden Input

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Consent field hidden inputs in versions up to and including 2.10.0. This is due to a flawed state validation mechanism that fails open when input is sanitized by wpkses, combined with insufficient output...