https://aretiq.ai/tags/gravity-forms/Recent content in Gravity-Forms on Aretiq AIHugoen-usMon, 01 Jun 2026 00:00:00 +0000https://aretiq.ai/research/vul260601-cve-2026-48866-wordpress-gravity-forms-plugin-file-upload-path-traversal-arbitrary-file-deletion/Mon, 01 Jun 2026 00:00:00 +0000https://aretiq.ai/research/vul260601-cve-2026-48866-wordpress-gravity-forms-plugin-file-upload-path-traversal-arbitrary-file-deletion/<h2 id="1-overview">1. Overview</h2> <p>A path traversal vulnerability exists in the Gravity Forms WordPress plugin&rsquo;s file deletion mechanism. When processing entries that contain file upload fields, the plugin converts stored file URLs to filesystem paths using a simple string replacement without validating that the resulting path remains within the uploads directory. An unauthenticated attacker can submit a form with a crafted <code>gform_uploaded_files</code> parameter containing directory traversal sequences (<code>../</code>), which are stored in the entry database. When a privileged user subsequently deletes the entry or its attached files, the traversal sequences cause the plugin to delete arbitrary files on the server. Deleting critical files such as <code>wp-config.php</code> results in complete site unavailability. Rocketgenius addressed this vulnerability in Gravity Forms version 2.10.1.</p>