If you or your organization is using Gravity Forms from RocketGenius, Inc., then you need to update to the latest version ASAP. The most recent version is 1.9.9, and the need to update comes after security provider Sucuri uncovered security issues and vulnerabilities in multiple older versions of the plugin, which have resulted in thousands of WordPress sites being compromised.
It’s worth mentioning this here, in what would otherwise be something relegated to internal IT communication, because an increasing number of performing arts organizations are forgoing the use of formal developer support and opting for the bargain-basement, low-cost option of cheap hosting and self-managed installations. Granted, sometimes that’s the only option available, but for some it’s simply a matter of getting suckered into the predatory sales pitch that managing a website is “easy.”
The result is that those cheap hosts don’t automatically install updates related to security vulnerabilities (but they’ll be happy to charge you afterward to clean up your compromised site), and unless you’re diligent enough to check your WordPress install each and every day for updates and read the changelog reports, you run a high risk of missing those critical update notices.
From a purely self-interested point of view, every time a performing arts org site becomes compromised, it drives up hosting costs and causes a cascade of problems for everyone else out there staying on top of site security. So please, if your site is using WordPress (WP) and Gravity Forms (GF), don’t contribute to the problem and make sure both are up to date (as of today, the latest version of WP is 4.2.2 and GF is 1.9.9).
Updating is quick and easy, so don’t let this spook you. Gravity Forms continues to be an excellent provider, and this problem has more to do with lazy users and hosts who aren’t doing a very good job of maintaining their installations.
If you’re an executive and you’re not sure if your site uses Gravity Forms, double-check with whoever is responsible for your site.