Vulnerabilities and security research for gsheetconnector-gravity-forms
Nov 11, 2025
Gravity Forms Google Sheet Connector # CVE-2025-8593
- CVE, Research URL
- Application
- Date: Oct 11, 2025
- Research Description: The GSheetConnector For Gravity Forms plugin for WordPress is vulnerable to authorization bypass in versions less than, or equal to, 1.3.27. This is due to a missing capability check on the 'install_plugin' function. This makes it possible for authenticated attackers, with subscriber-level access and above, to install plugins on the target site and potentially achieve arbitrary code execution on the server under certain conditions.
- Affected versions: max 1.3.28.
- Status: vulnerable
Gravity Forms Google Sheet Connector # CVE-2025-8606
- CVE, Research URL
- Application
- Date: Oct 11, 2025
- Research Description: The GSheetConnector For Gravity Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions less than, or equal to, 1.3.23. This is due to missing or incorrect nonce validation on the activate_plugin and deactivate_plugin functions. This makes it possible for attackers to trick authenticated administrators into activating or deactivating specified plugins via a forged request, such as clicking on a malicious link or visiting a compromised page.
- Affected versions: max 1.3.24.
- Status: vulnerable
Jun 07, 2024
Gravity Forms Google Sheet Connector # CVE-2023-2326
- CVE, Research URL
- Application
- Date: Jun 27, 2023
- Research Description: The Gravity Forms Google Sheet Connector WordPress plugin before 1.3.5 and the gsheetconnector-gravityforms-pro WordPress plugin through 1.3.5 do not have a CSRF check when updating the Access Code, which could allow attackers to make a logged-in admin change the access code to an arbitrary one via a CSRF attack.
- Affected versions: max 1.3.5.
- Status: vulnerable