Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

CVE-2026-48866: Gravity Forms allows attackers to access files outside its control.

CVE-2026-48866

Summary

A security issue in Gravity Forms could allow attackers to access files they shouldn't be able to, which could lead to sensitive information being stolen. This issue affects all versions of Gravity Forms up to 2.10.0.1. We recommend updating to the latest version to fix this issue.

Original title

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Rocketgenius Inc. Gravity Forms allows Path Traversal. This issue affects Gravity Forms: from n/a th...

Original description

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Rocketgenius Inc. Gravity Forms allows Path Traversal.

This issue affects Gravity Forms: from n/a through 2.10.0.1.

nvd CVSS3.1 9.6

Vulnerability type

CWE-22 Path Traversal

https://patchstack.com/database/wordpress/plugin/gravityforms/vulnerability/word...

Published: 1 Jun 2026 · Updated: 1 Jun 2026 · First seen: 1 Jun 2026