IDENTITY THEFT VULNERABILITY FOUND IN WORDPRESS GRAVITY FORMS PLUGIN SOLVED
WITH NEW UETA/ESIGN COMPLIANT SIGNATURE PLUGIN BY APPROVEME
FOR IMMEDIATE RELEASE
San Francisco, CA ApproveMe.com – The identity theft vulnerability is related to an insecure method used to store images of a signer’s hand drawn signature (the same signature which is used to buy a house, apply for a credit card, take out a business loan, etc.) on the ftp server of a WordPress website that was using the original non-compliant Gravity Forms Signature Add-On. The original signature plugin available on Gravity Forms website saves an image of hand drawn signatures on an ftp server, putting both the site owner and their signers at high risk for identity theft.
Today ApproveMe announces a solution that patches this security vulnerability by closing the gap between applying it’s proprietary E-Signature security protocol’s to the signature transmission process and complying with the Uniform Electronics Transactions Act (UETA)/U.S. E-Sign Act.
The electronic signature industry is a highly regulated industry, harboring strict laws and regulations surrounding the electronic signature and digital signature transmission process. Given the consistent rise of WordPress usage (over 74,652,825 websites are currently running WordPress), and the fact that 23% of the internet currently employs the open source content manager, a large number of freelancers and small business owners are unknowingly putting themselves and their clients at risk for identity theft by using non-compliant and vulnerable signature plugins.
“Most WordPress contract plugins and signature Add-Ons out there are not legally binding, let alone UETA/ESIGN compliant,” says ApproveMe CEO, Kevin Michael Gray.
“These plugins and add-ons do not adhere to the strict laws and regulations in the document singing industry. Typical signature Add-Ons only capture signature information as it is drawn. The signature data is sent to the web server where this information is converted into a PNG image and stored on a server (which is often times shared with hundreds of other websites on a cheap hosting plan unbeknownst to the website owners),” says Gray.
ApproveMe.me has created the first legally binding, UETA/ESIGN compliant, self-hosted WordPress plugin that solves this E-Signature identity theft vulnerability. Their new WordPress plugin allows freelancers, entrepreneurs and small business owners to safely and confidently accept legitimate digital (encrypted) signatures on their contracts and proposals without exposing the actual signature of their signers to FTP intruders. No image of the legal signature is stored on the FTP server.
Watch the video below to learn more about this new feature: