0.001 Low
EPSS
Percentile
31.3%
The plugin unserializes user input via the get_field_input(), which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog
patchstack.com/articles/unauthenticated-php-object-injection-in-gravity-forms-plugin/