Vulnerabilities and security researches forgsheetconnector-wpforms gsheetconnector-wpforms

Jun 07, 2024

CVE, Research URL: CVE-2023-2321
Home page URL: Security reports for WPForms Google Sheet Connector
Application: WPForms Google Sheet Connector
Date: Jul 04, 2023
Research Description: The WPForms Google Sheet Connector WordPress plugin before 3.4.6, gsheetconnector-wpforms-pro WordPress plugin through 3.4.6 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Affected versions: max 3.4.6.
Status: vulnerable

Jan 11, 2026

CVE, Research URL: CVE-2025-67570
Home page URL: Security reports for WPForms Google Sheet Connector
Application: WPForms Google Sheet Connector
Date: Dec 09, 2025
Research Description: Missing Authorization vulnerability in GSheetConnector by WesternDeal WPForms Google Sheet Connector gsheetconnector-wpforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPForms Google Sheet Connector: from n/a through <= 4.0.0.
Affected versions: max 4.0.0.
Status: vulnerable