Gravity Forms v1.9.4 is now available via automatic update and the customer downloads page. This is a maintenance and security release and we recommend users update as soon as possible.
This release includes a fix for a blind SQL injection vulnerability similar to the issue recently fixed in other popular WordPress plugins such as WPSEO, WooCommerce, and PODS. The scope of this vulnerability was limited to functionality within the Gravity Forms admin by a user within sufficient privileges to view and edit forms within the WordPress Dashboard. By default this vulnerability could only be exploited by a WordPress user with admin privileges to your site and could not be exploited anonymously from the frontend.