Vulnerabilities and security researches forintegration-for-contact-form-7-and-google-sheets integration-for-contact-form-7-and-google-sheets

Apr 02, 2025

CVE, Research URL: CVE-2025-30863
Home page URL: Security reports for Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms
Application: Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms
Date: Mar 27, 2025
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms allows Cross Site Request Forgery. This issue affects Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.0.9.
Affected versions: Min -, max -.
Status: vulnerable

Jul 21, 2025

CVE, Research URL: CVE-2025-7697
Home page URL: Security reports for Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms
Application: Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms
Date: Jul 19, 2025
Research Description: The Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.1 via deserialization of untrusted input within the verify_field_val() function. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain in the Contact Form 7 plugin, which is likely to be used alongside, allows attackers to delete arbitrary files, leading to a denial of service or remote code execution when the wp-config.php file is deleted.
Affected versions: Min -, max -.
Status: vulnerable