Enable Turnstile (Cloudflare) for Gravity Forms

A lightweight plugin to enable Cloudflare's Turnstile alternative CAPTCHA on your Gravity Forms.

v1.7.1SullyUpdated 6 days agoAdded 3 years ago700 installs100% rating

captcha cloudflare gravity forms spam protection turnstile

Score

Errors

Warnings

Change

Category Scores

Security78

Repo94

Performance100

Maintainability86

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

15 findings

Maintainability

7 issue groups

Security

3 issue groups

Repo Compliance

1 issue group

WARNINGSecurityMissing nonce verificationProcessing form data without nonce verification.3

Category: Security
Occurrences: 3
Severity: warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Missing

ERRORMaintainabilityMissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;3

Category: Maintainability
Occurrences: 3
Severity: error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

missing_direct_file_access_protection Reference

ERRORMaintainabilityOffloaded ContentFound call to wp_enqueue_script() with external resource. Offloading scripts to your servers or any remote service is disallowed.1

Category: Maintainability
Occurrences: 1
Severity: error

Sample message

Found call to wp_enqueue_script() with external resource. Offloading scripts to your servers or any remote service is disallowed.

PluginCheck.CodeAnalysis.EnqueuedResourceOffloading.OffloadedContent

ERRORMaintainabilitydate datedate() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.1

Category: Maintainability
Occurrences: 1
Severity: error

Sample message

date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.

WordPress.DateTime.RestrictedFunctions.date_date

WARNINGMaintainabilityNon-prefixed classClasses declared by a theme/plugin should start with the theme/plugin prefix. Found: "init_SS88GFFCT".1

Category: Maintainability
Occurrences: 1
Severity: warning

Sample message

Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "init_SS88GFFCT".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedClassFound

WARNINGMaintainabilityerror log error logerror_log() found. Debug code should not normally be used in production.1

Category: Maintainability
Occurrences: 1
Severity: warning

Sample message

error_log() found. Debug code should not normally be used in production.

WordPress.PHP.DevelopmentFunctions.error_log_error_log

WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_POST['cf-turnstile-response']1

Category: Security
Occurrences: 1
Severity: warning

Sample message

Detected usage of a non-sanitized input variable: $_POST['cf-turnstile-response']

WordPress.Security.ValidatedSanitizedInput.InputNotSanitized

WARNINGSecurityRequest data is not unslashed$_POST['cf-turnstile-response'] not unslashed before sanitization. Use wp_unslash() or similar1

Category: Security
Occurrences: 1
Severity: warning

Sample message

$_POST['cf-turnstile-response'] not unslashed before sanitization. Use wp_unslash() or similar

WordPress.Security.ValidatedSanitizedInput.MissingUnslash

ERRORMaintainabilityNo Explicit VersionVersion parameter is not explicitly set or has been set to an equivalent of "false" for wp_enqueue_script; This means that the WordPress core version will be used which is not recommended for plugin or theme development.1

Category: Maintainability
Occurrences: 1
Severity: error

Sample message

Version parameter is not explicitly set or has been set to an equivalent of "false" for wp_enqueue_script; This means that the WordPress core version will be used which is not recommended for plugin or theme development.

WordPress.WP.EnqueuedResourceParameters.NoExplicitVersion

ERRORRepo Complianceplugin header no licenseMissing "License" in Plugin Header. Please update your Plugin Header with a valid GPLv2 (or later) compatible license.1

Category: Repo Compliance
Occurrences: 1
Severity: error

Sample message

Missing "License" in Plugin Header. Please update your Plugin Header with a valid GPLv2 (or later) compatible license.

plugin_header_no_license Reference

Show 1 more

ERRORMaintainabilitywp function not compatible with requires wp1

Category: Maintainability
Occurrences: 1
Severity: error

Sample message

Function "wp_doing_ajax()" requires WordPress 4.7.0, but your plugin minimum supported version is WordPress 4.1.0.

wp_function_not_compatible_with_requires_wp Reference

External Connections

Potential connections found in static code analysis.

4 domains

Outbound calls

External assets

Incoming endpoints

Notable Domains

ss88.us3 · outbound

Platform / Reference Domains

w3.org1 · platform/reference

wordpress.org1 · platform/reference

External Asset Domains

challenges.cloudflare.com3 · asset + outbound

Incoming Endpoints

No public endpoints detected.

Score History

First score snapshot

2 days ago

v1.7.1

Latest

Findings: 15
Errors: 8
Warnings: 7
Check: 2.0.0

Scan	Score	Findings	Errors	Warnings	Plugin	Check
2 days agoLatest	84	15	8	7	v1.7.1	2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

30 nodes

Loading map

PluginAuthorCategoryIssueDomainRelated

Relationship links

Issue

Domain

ss88.us3 signals

Related Plugins

AI Content Signals

500 active installs

100

Dam Spam

1k+ active installs

100

DS CF7 Math Captcha

10k+ active installs

100

Kitgenix CAPTCHA for Cloudflare Turnstile

500 active installs

100

10k+ active installs

100

BotBlocker Security – Firewall & Bot Protection

3k+ active installs