This issue affects Gravity Forms: from n/a through 2.10.0.1.
Analysis and contextual insights are available on OpenCVE Cloud.
Vendor Solution
Update the WordPress Gravity Forms Plugin to the latest available version (at least 2.10.1).
Tracking
Sign in to view the affected projects.
No advisories yet.
Mon, 01 Jun 2026 18:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Rocketgenius
Rocketgenius gravityforms Wordpress Wordpress wordpress |
|
| Vendors & Products |
Rocketgenius
Rocketgenius gravityforms Wordpress Wordpress wordpress |
Mon, 01 Jun 2026 17:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Mon, 01 Jun 2026 15:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Rocketgenius Inc. Gravity Forms allows Path Traversal. This issue affects Gravity Forms: from n/a through 2.10.0.1. | |
| Title | WordPress Gravity Forms plugin <= 2.10.0.1 - Arbitrary File Deletion vulnerability | |
| Weaknesses | CWE-22 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: Patchstack
Published:
Updated: 2026-06-01T16:19:18.234Z
Reserved: 2026-05-25T22:10:00.865Z
Link: CVE-2026-48866
Updated: 2026-06-01T16:19:12.596Z
Status : Deferred
Published: 2026-06-01T15:16:38.273
Modified: 2026-06-01T16:41:55.090
Link: CVE-2026-48866
No data.
OpenCVE Enrichment
Updated: 2026-06-01T17:45:25Z