Gravity Forms 2.6.1 file upload broken with WordFence

  • Resolved caldwell

    (@caldwell)


    2 years, 6 months ago

    I have confirmed through trial and error that turning OFF the rule for:

    file_upload Malicious File Upload (PHP)

    will allow Gravity Forms to upload a user-submitted photo.

    There is no standard file being uploaded. These are photos snapped by phone cameras or uploaded from a desktop/laptop from photo archive.

    There are no errors which appear.

    Learning Mode worked but failed to continue to work once Protection mode was turned back on.

    There is no easy way to craft an URL for bypassing or whitelisting the firewall.

    For now, this rule has to be disabled (and will remain so) for this form to work.

    WordFence support?

Viewing 1 replies (of 1 total)

  • Thanks for reaching out.

    If you are running PHP 8+ then that is what is going on here. We have a fix scheduled for this soon but have not released it yet. There are 2 other malicious file upload rules and various others for specific plugin vulnerabilities that will protect you so you aren’t in any danger.

    Just so you are aware, WordPress doesn’t recommend switching to PHP 8+ yet. We are still making compatibility changes as we run up on them. The next release of the plugin contains quite a few.

    Tim

Viewing 1 replies (of 1 total)
  • The topic ‘Gravity Forms 2.6.1 file upload broken with WordFence’ is closed to new replies.