According to Patchstack, a very high severity (CVSS 9 out of 10) vulnerability was found in versions of <= 2.9.20 of the Gravity Forms plugin.
This vulnerability would have allowed users to upload malicious files to your website to run arbitrary code.
Thankfully, Workhorse was able to mitigate this within hours of disclosure thanks to “virtual patching.” In addition, we fully remediated all affected versions by updating to the latest secure Gravity Forms version 2.9.21.1 within 12 hours of the vulnerability being disclosed.
These remediations were applied to any Workhorse hosting or retainer client websites.
Please contact us if you have any questions.