Vulnerabilities and security researches forcf7-google-sheets-connector cf7-google-sheets-connector
Direction: ascendingJun 07, 2024
CF7 Google Sheets Connector # CVE-2023-2320
- CVE, Research URL
- Home page URL
- Application
- Date
- Jul 04, 2023
- Research Description
- The CF7 Google Sheets Connector WordPress plugin before 5.0.2, cf7-google-sheets-connector-pro WordPress plugin through 5.0.2 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
- Affected versions
-
max 5.0.2.
- Status
-
vulnerable
CF7 Google Sheets Connector # CVE-2023-44989
- CVE, Research URL
- Home page URL
- Application
- Date
- Mar 26, 2024
- Research Description
- Insertion of Sensitive Information into Log File vulnerability in GSheetConnector CF7 Google Sheets Connector.This issue affects CF7 Google Sheets Connector: from n/a through 5.0.5.
- Affected versions
-
max 5.0.6.
- Status
-
vulnerable
Jun 10, 2024
CF7 Google Sheets Connector # CVE-2024-5654
- CVE, Research URL
- Home page URL
- Application
- Date
- Jun 08, 2024
- Research Description
- The CF7 Google Sheets Connector plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'execute_post_data_cg7_free' function in all versions up to, and including, 5.0.9. This makes it possible for unauthenticated attackers to toggle site configuration settings, including WP_DEBUG, WP_DEBUG_LOG, SCRIPT_DEBUG, and SAVEQUERIES.
- Affected versions
-
max 5.0.10.
- Status
-
vulnerable
Feb 04, 2025
CF7 Google Sheets Connector # CVE-2025-22686
- CVE, Research URL
- Home page URL
- Application
- Date
- Feb 03, 2025
- Research Description
- Missing Authorization vulnerability in GSheetConnector CF7 Google Sheets Connector allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CF7 Google Sheets Connector: from n/a through 5.0.17.
- Affected versions
-
max 5.0.18.
- Status
-
vulnerable