Vulnerabilities and security researches forwp-simple-spreadsheet-fetcher-for-google wp-simple-spreadsheet-fetcher-for-google

Jun 06, 2024

CVE, Research URL: 9cd08c7b544670c599894ecad519a2cfa20e001b
Home page URL: Security reports for WP Simple Spreadsheet Fetcher for Google
Application: WP Simple Spreadsheet Fetcher for Google
Date: Jan 06, 2020
Research Description: WP Simple Spreadsheet Fetcher for Google [wp-simple-spreadsheet-fetcher-for-google] < 0.3.7 WordPress WP Simple Spreadsheet Fetcher for Google plugin <= 0.3.6 - Cross-Site Request Forgery (CSRF) vulnerability Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress WP Simple Spreadsheet Fetcher for Google plugin (versions <= 0.3.6).
Affected versions: max 0.3.7.
Status: vulnerable

Jun 16, 2026

CVE, Research URL: f224ff37-4126-49bc-b432-0d1e177abec8
Home page URL: Security reports for WP Simple Spreadsheet Fetcher for Google
Application: WP Simple Spreadsheet Fetcher for Google
Date: -
Research Description: WP Simple Spreadsheet Fetcher for Google [wp-simple-spreadsheet-fetcher-for-google] < 0.3.7 WP Simple Spreadsheet Fetcher For Google < 0.3.7 - Arbitrary API Key update via CSRF The lack of Cross-Site Request Forgery (CSRF) checks on the plugin's settings page could allow CSRF attacks to set an arbitrary API key.
Affected versions: max 0.3.7.
Status: vulnerable

CVE, Research URL: f8fce47113e556ee0530bb8582de7956f1271b31
Home page URL: Security reports for WP Simple Spreadsheet Fetcher for Google
Application: WP Simple Spreadsheet Fetcher for Google
Date: Jan 05, 2020
Research Description: WP Simple Spreadsheet Fetcher for Google [wp-simple-spreadsheet-fetcher-for-google] < 0.3.7 WP Simple Spreadsheet Fetcher for Google < 0.3.7 - Cross-Site Request Forgery The WP Simple Spreadsheet Fetcher for Google plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions before 0.3.7. This is due to missing or incorrect nonce validation on the render_settings function. This makes it possible for unauthenticated attackers to arbitrarily change plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: max 0.3.7.
Status: vulnerable