Primary

Context

GSheet For Woo Importer Missing Authorization Vulnerability in WordPress

Vulnerability

Patched

A vulnerability exists in the GSheet For Woo Importer plugin for WordPress, all versions through 2.3.1, due to a lack of proper capability checks in the process_ajax_restore_action() function. This flaw allows authenticated attackers with Subscriber-level access or higher to delete the plugin's Google Sheets API token and configuration options, leading to unauthorized data loss.

Impact

Exploitation of this vulnerability allows for unauthorized deletion of the Google Sheets API token and configuration options from the affected WordPress site.

Remediation

Users are advised to update the GSheet For Woo Importer plugin to version 2.4.1 or a newer patched version.

Added: May 21, 2026, 8:22 PM

Updated: May 21, 2026, 8:22 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

5.9

remediation

0.0

relevance

9.0

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

5.9

remediation

0.0

relevance

9.0

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

GSheet For Woo Importer Missing Authorization Vulnerability in WordPress

Vulnerability

Impact

Remediation

Affected Products

GSheet For Woo Importer

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating