Gravity Forms plugin will be updated on March 24 to remove Post fields

At our March 13 Lunch and Learn (recording), we chatted about an option within Gravity Forms that allows users to create a form that adds a draft post to the site. Within the plugin, this is called the “Form to Post” feature.

A screenshot from a Gravity Forms form depicting the various post fields that are available.

After reviewing the feature in more detail, we determined that this option could introduce some risks for our sites:

  • If the form is public, it could get spammed.
    • Spam could include ad content that links to explicit websites.
    • Spam links can also be nefarious phishing attempts.
  • The current option allows for publishing a post automatically.
    • Spam content could get published, which could make it look like official UW content.
    • Content could bypass administrator review.
  • The current form option allows for photo uploads, and these are automatically saved in the Media Library.
    • If a form got spammed, this could upload tons of images to your Media Library.
    • It may be challenging for our users to maintain their Media Library content if images can be uploaded by random participants.

For these reasons, we have made the decision to remove this option from the plugin (effective Monday, March 24). We will also be removing the Pricing Fields options at that time, as these have never been available for use within WiscWeb.

Update: We will not remove the Pricing Fields, as there are legitimate use cases that do not result in a security risk.

If you are using the Form to Post option for your site, please reach out to us as soon as possible to learn about alternative solutions for your website needs.