WesternDeal WPForms Google Sheet Connector CVE-2025-67979
CRITICALSeverity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Improper Control of Generation of Code ('Code Injection') vulnerability in WesternDeal WPForms Google Sheet Connector gsheetconnector-wpforms allows Code Injection.This issue affects WPForms Google Sheet Connector: from n/a through <= 4.0.1.
AnalysisAI
Code injection in WPForms Google Sheet Connector (gsheetconnector-wpforms) WordPress plugin allows arbitrary code execution.
Technical ContextAI
CWE-94 code injection in the WordPress plugin that connects forms to Google Sheets.
Affected ProductsAI
gsheetconnector-wpforms WordPress plugin
RemediationAI
Update plugin.
Same weakness CWE-94 – Code Injection
View allSame technique Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today