Primary

Context

GSheetConnector For Ninja Forms Missing Authorization Vulnerability Allows Unauthorized Data Access

Vulnerability

Patched

A vulnerability exists in the GSheetConnector For Ninja Forms WordPress plugin, all versions through 2.0.1, due to a lack of proper capability checks on the 'njform-google-sheet-config' page. This flaw enables authenticated attackers with Subscriber-level access and above to access sensitive system information.

Impact

Exploitation of this vulnerability could lead to unauthorized exposure of system information to authenticated users with Subscriber-level access or higher.

Remediation

Users can update to GSheetConnector For Ninja Forms version 2.0.2 or a newer patched version to address this vulnerability.

Added: Nov 22, 2025, 9:19 AM

Updated: Nov 22, 2025, 9:19 AM

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

2.5

exploitability

6.1

remediation

7.7

relevance

1.1

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

2.5

exploitability

6.1

remediation

7.7

relevance

1.1

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

GSheetConnector For Ninja Forms Missing Authorization Vulnerability Allows Unauthorized Data Access

Vulnerability

Impact

Remediation

Affected Products

GSheetConnector For Ninja Forms

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating