Vulnerabilities and security researches forsheets-to-wp-table-live-sync sheets-to-wp-table-live-sync

Apr 25, 2026

CVE, Research URL: CVE-2025-9543
Home page URL: Security reports for Sheets to WP Table Live Sync – WordPress Table Plugin with Google Sheets Integration
Application: Sheets to WP Table Live Sync – WordPress Table Plugin with Google Sheets Integration
Date: Jan 05, 2026
Research Description: The FlexTable WordPress plugin before 3.19.2 does not sanitise and escape the imported links from Google Sheet cells, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Affected versions: max 3.19.2.
Status: vulnerable

Jun 07, 2024

CVE, Research URL: CVE-2023-26535
Home page URL: Security reports for Sheets to WP Table Live Sync – WordPress Table Plugin with Google Sheets Integration
Application: Sheets to WP Table Live Sync – WordPress Table Plugin with Google Sheets Integration
Date: Nov 22, 2023
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in WPPOOL Sheets To WP Table Live Sync plugin <= 2.12.15 versions.
Affected versions: max 2.13.0.
Status: vulnerable

CVE, Research URL: 70da65d9d7b4fd7fb40f147a0203dcfe1a824af1
Home page URL: Security reports for Sheets to WP Table Live Sync – WordPress Table Plugin with Google Sheets Integration
Application: Sheets to WP Table Live Sync – WordPress Table Plugin with Google Sheets Integration
Date: Dec 14, 2022
Research Description: Table Plugin for WordPress with Google Sheets Integration – Sheets to WordPress Table Live Sync [sheets-to-wp-table-live-sync] < 2.12.15 Appsero <= 1.2.0 - Cross-Site Request Forgery The Appsero analytics tool used in several plugins is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.0. This makes it possible for unauthenticated attackers to invoke this function intended for administrator use via forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: max 2.12.15.
Status: vulnerable

CVE, Research URL: CVE-2024-34375
Home page URL: Security reports for Sheets to WP Table Live Sync – WordPress Table Plugin with Google Sheets Integration
Application: Sheets to WP Table Live Sync – WordPress Table Plugin with Google Sheets Integration
Date: May 07, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPPOOL Sheets To WP Table Live Sync allows Stored XSS.This issue affects Sheets To WP Table Live Sync: from n/a through 3.7.0.
Affected versions: max 3.7.1.
Status: vulnerable

CVE, Research URL: CVE-2024-32110
Home page URL: Security reports for Sheets to WP Table Live Sync – WordPress Table Plugin with Google Sheets Integration
Application: Sheets to WP Table Live Sync – WordPress Table Plugin with Google Sheets Integration
Date: -
Research Description: FlexTable – Data Table Sync with Google Sheets [sheets-to-wp-table-live-sync] < 3.5.1 CVE-2024-32110
Affected versions: max 3.5.1.
Status: vulnerable