Yesterday a crucial security flaw was discovered in the Gravity Forms Directory plugin and fixed immediately. Version 220.127.116.11 was released and takes care of the issue. __Please update immediately__.
For the security of the users still running older versions, we can’t go into what the flaw was, but it had to do with viewing Gravity Form entries without permission, and was severe.
Gravity Forms Directory versions affected: 2.4.1 – 18.104.22.168. Version 22.214.171.124. fixes the problem
The flaw was discovered by Baruch Moskovits. We released a patch within one hour of the discovery.
Download the “Change Entry Creator” Gravity Forms Add-on
This simple plugin allows you to edit who created an entry in Gravity Forms.
When you have an entry from Gravity Forms that you want to edit, you can edit almost anything, except for the entry assignment; who created the entry.
Activate the plugin and you will see a drop-down input with each user on your site.
- Only users with entry entry editing capability will be able to see the drop-down and edit the entry (the `gravityforms_edit_entries` capability)
- Select a new user from the drop-down, update the entry, and the entry creator will be updated.
- A note will be added to the entry with the following information:
- Who changed the entry creator
- When the change took place
- Who the previous entry creator was
Simply upload the plugin, activate it, and you’ll see the drop-down in the Edit Lead “Info” box.