Category: Risk Assessment
Guidance on File Uploads
Only use WordPress Gravity Forms for non-sensitive information (Tier 0 or 1)! The Gravity Forms plugin included with ITS Self-service and Enterprise WordPress offerings does not limit access to file uploads; these files are stored in a world-readable directory that anyone can reach (see Security Best Practices in the Gravity Forms documentation). Carefully consider the type of data you intend to collect and the…