Skip to main content

Category: Risk Assessment

  • Guidance on File Uploads

    Only use WordPress Gravity Forms for Non-sensitive Information (Tier 0 or 1)! The Gravity Forms plugin included with ITS Self-service and Enterprise WordPress offerings does not limit access to file uploads; these files are stored in a world readable directory that anyone can reach (see Security Best Practices of the Gravity Forms documentation). Carefully consider the type of data you intend to collect and the… Read More about Guidance on File Uploads.

Last updated: September 6, 2023
I-T-S