EUVD-2026-31333
GHSA-mh3x-vcwp-x5rh
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
The GSheet For Woo Importer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the process_ajax_restore_action() function in all versions up to, and including, 2.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete the plugin's Google Sheets API token and configuration options.
AnalysisAI
Missing capability check in GSheet For Woo Importer (WordPress plugin, all versions through 2.3.1) allows authenticated attackers with Subscriber-level access to invoke the process_ajax_restore_action() AJAX function and permanently delete the plugin's Google Sheets API token and associated configuration options. This disrupts WooCommerce product import workflows dependent on the Google Sheets integration. …
Sign in for full analysis, threat intelligence, and remediation guidance.
More from same product – last 7 days
Unauthenticated refund abuse in the Eupago Gateway for WooCommerce WordPress plugin before 4.7.2 lets remote attackers t
Unauthenticated arbitrary file upload in the BookingPress Pro WordPress plugin (versions ≤5.6) enables remote code execu
Authentication bypass in the Login with OTP plugin for WordPress (all versions up to and including 1.6) lets unauthentic
Blind SQL injection in the RealMag777 'Active Products Tables for WooCommerce' WordPress plugin (versions up to and incl
Blind SQL injection in the RealMag777 "Active Products Tables for WooCommerce" WordPress plugin (all versions up to and
Share
External POC / Exploit Code
Leaving vuln.today