WordPress Gravity Forms developer hacked to push backdoored plugins

A supply-chain attack has compromised the popular WordPress plugin Gravity Forms, affecting manual and composer installations of versions 2.9.11.1 and 2.9.12 downloaded between July 10 and 11, 2025.