Security

Vulnerability in Gravity Forms plugin for WordPress

‼️

Impacted Services: WordPress sites using Gravity Forms on Domain of One's Own, Managed Hosting, Reclaim EDU, Shared Hosting, and Reclaim Cloud

We are writing to inform you of a vulnerability in the WordPress plugin Gravity Forms. As of June 3rd at 1pm ET, we have started an automated update procedure for this plugin on WordPress sites hosted across our infrastructure.

What happened?

A vulnerability disclosure for Gravity Forms (a paid plugin for WordPress) was published on June 1st in Wordfence's Vulnerability Database:

Gravity Forms <= 2.10.0.1 - Unauthenticated Arbitrary File Deletion

This vulnerability makes it possible for unauthenticated users to delete arbitrary files from an impacted site.
This vulnerability affects Gravity Forms versions 2.10.0.1 and earlier and was patched in version 2.10.1. The current version of the plugin as of this writing is 2.10.3.
Gravity Forms is used on many of Domain of One's Own project homepages as part of the "Request Form" functionality, and is also a broadly popular paid WordPress plugin.

Current Status

As of June 3rd at 1 p.m. ET, Reclaim has started an automated update procedure for WordPress sites with the Gravity Forms plugin installed.
This procedure triggers WordPress's built-in update functionality to upgrade the plugin to the latest version available.
- This update procedure covers all WordPress sites with Gravity Forms installed on Domain of One's Own, Managed Hosting, Reclaim EDU, and Shared Hosting.
- This update procedure also includes all Domain of One's Own project homepages where the "Request Form" functionality is implemented using Gravity Forms.

Next Steps

We recommend all users of Gravity Forms check for and install any available updates to the plugin, particularly if you are using version 2.10.0.1 or earlier.
Consider enabling Automatic Background Updates for the Gravity Forms plugin from the WordPress Dashboard's Plugins page (/wp-admin/plugins.php)
If you have a site with an expired license for Gravity Forms where it is no longer possible for you to receive updates to the plugin, we recommend deactivating the Gravity Forms plugin until you've renewed your license.

Contact our Support Team

If you have any further questions or need assistance, please contact our support team.

June Newsletter 2026

Hello and welcome to this month's round up of everything that's happening across our community! This Month Open for Entries: Reclaim's Student Showcase 2026 If you are working with students in a Domain of One’s Own, Shared Hosting or a WordPress Multisite, we

Introducing Our Transparent Pricing Commitment

As an education-focused hosting provider, our pricing philosophy is simple: keep costs as low as possible without compromising quality. We know many of our users are students working with limited budgets and faculty navigating tight departmental funding. Our commitment is to offer reliable, high-quality hosting and responsive, expert support at

Major Upgrades to Domain of One's Own are coming this summer

We’re rolling out a new upgraded version of Domain of One’s Own this summer and we're running dedicated sessions for Admins to find out what's in store. The upgrades will offer Admins centralized and simplified administration, easier updates, increased security and more freedom in

We answer your questions about Reclaim's Student Showcase 2026

If you are working with students in a Domain of One’s Own, Shared Hosting or a Wordpress Multisite, we want to hear from you! To help you make your submission to the student showcase, we answer your questions in this short info video: Who can submit a project? Anyone