Platform
wordpress
Component
gsheetconnector-wpforms
Fixed in
4.0.2
CVE-2025-67979 describes a Remote Code Execution (RCE) vulnerability within the WPForms Google Sheet Connector plugin. This flaw allows attackers to inject malicious code, potentially leading to complete compromise of the WordPress website. The vulnerability impacts versions from 0.0 up to and including 4.0.1, and a patch is available in version 4.0.2.
The vulnerability stems from improper control over code generation, enabling code injection. An attacker could leverage this to execute arbitrary PHP code on the server hosting the WordPress site. This could lead to a wide range of malicious activities, including data theft (user credentials, sensitive information stored in the database), website defacement, installation of malware, and even complete server takeover. The impact is particularly severe given the widespread use of WPForms and its Google Sheet integration for collecting user data.
This vulnerability is considered highly critical due to the ease of exploitation and potential impact. While no public exploits have been widely reported as of the publication date, the code injection nature of the vulnerability makes it a prime target for exploitation. It is likely to be added to the CISA KEV catalog soon. Public proof-of-concept code is expected to emerge shortly after public disclosure.
Websites utilizing the WPForms Google Sheet Connector plugin, particularly those handling sensitive user data or operating in high-risk environments, are at significant risk. Shared hosting environments where multiple WordPress sites share the same server resources are also particularly vulnerable, as a compromise of one site could potentially lead to the compromise of others.
• wordpress / composer / npm:
grep -r 'gsheetconnector-wpforms' /var/www/html/
wp plugin list | grep gsheetconnector-wpforms
• generic web:
curl -I https://your-wordpress-site.com/wp-content/plugins/gsheetconnector-wpforms/ | grep -i 'Content-Type: application/octet-stream'
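The grep and WP-CLI commands above only tell you whether the plugin is present; whether it is still below the fixed version is the question that matters. The script below is an added example (not part of this advisory and not the plugin's own code) that reads the standard WordPress plugin header (the "Version:" line in a PHP file directly under the plugin directory; that layout is an assumption) and compares it against 4.0.2. The directory path passed to check_plugin is a parameter, and the demo at the bottom runs against a constructed sample header rather than a real install.

```shell
#!/bin/sh
# Added example: report whether an installed gsheetconnector-wpforms copy
# is below the fixed version 4.0.2 (versions 0.0 through 4.0.1 are affected).

FIXED_VERSION="4.0.2"

# Print the "Version:" value from the plugin header found in the first PHP
# file directly under the plugin directory (assumed standard WP layout).
# Exits non-zero when no header is found.
plugin_version() {
  dir="$1"
  for f in "$dir"/*.php; do
    [ -f "$f" ] || continue
    v=$(sed -n 's/^[[:space:]]*\**[[:space:]]*Version:[[:space:]]*\([0-9][0-9.]*\).*/\1/p' "$f" | head -n 1)
    if [ -n "$v" ]; then
      printf '%s\n' "$v"
      return 0
    fi
  done
  return 1
}

# True (exit 0) when $1 is strictly lower than $2, comparing dotted
# components numerically so that 3.9.10 < 4.0.2 and 4.1 > 4.0.2.
version_lt() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    na = split(a, x, "."); nb = split(b, y, ".")
    n = (na > nb) ? na : nb
    for (i = 1; i <= n; i++) {
      xi = (i <= na) ? x[i] + 0 : 0
      yi = (i <= nb) ? y[i] + 0 : 0
      if (xi < yi) exit 0
      if (xi > yi) exit 1
    }
    exit 1
  }'
}

# Print "vulnerable (...)", "patched (...)" or "unknown" for a plugin dir.
# Exit status: 0 patched, 1 vulnerable, 2 version not determinable.
check_plugin() {
  v=$(plugin_version "$1") || { echo "unknown"; return 2; }
  if version_lt "$v" "$FIXED_VERSION"; then
    echo "vulnerable ($v < $FIXED_VERSION)"
    return 1
  fi
  echo "patched ($v)"
  return 0
}

# Stand-alone demo on a constructed sample header (not a real install).
# On a live site point check_plugin at the real directory instead, e.g.
# /var/www/html/wp-content/plugins/gsheetconnector-wpforms
demo=$(mktemp -d)
printf '<?php\n/*\nPlugin Name: Constructed sample\nVersion: 4.0.1\n*/\n' > "$demo/plugin.php"
check_plugin "$demo" || :
rm -rf "$demo"
```

Run check_plugin against every site's plugin directory on a shared host; an "unknown" result means the header was not where the script expects it and the version should be confirmed by hand (for example with wp plugin list).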
Exploit Status
EPSS
0.05% (16th percentile)
The primary mitigation is to immediately upgrade the WPForms Google Sheet Connector plugin to version 4.0.2 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider temporarily disabling the plugin. As a short-term workaround, restrict file upload capabilities within the plugin's configuration if possible. Monitor WordPress access logs for suspicious activity, particularly requests containing unusual PHP code or attempts to access sensitive files. Implement a Web Application Firewall (WAF) with rules to detect and block code injection attempts targeting the plugin's endpoints.
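The advice above to watch access logs for requests carrying PHP code is easy to get wrong, because such payloads are normally percent-encoded and a plain grep for "<?php" misses them. The following is an added example (not from this advisory, and not a rule set from the plugin or any WAF vendor): a POSIX awk filter that URL-decodes the request target of each combined-format log line and flags lines containing PHP source markers. The log lines are constructed samples; the plugin asset path and query strings in them are made up for illustration and are not real plugin endpoints.

```shell
#!/bin/sh
# Added example: flag access-log requests whose URL-decoded target contains
# PHP source markers. Markers are illustrative; tune them for your site.
MARKERS='<?php;eval(;base64_decode(;system(;passthru('

# Constructed sample log (combined format). Lines 2 and 4 carry encoded PHP
# markers; line 3 contains the plain word "php" and must not be flagged.
SAMPLE_LOG='203.0.113.5 - - [10/Jan/2026:10:00:01 +0000] "GET /wp-content/plugins/gsheetconnector-wpforms/assets/app.js HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jan/2026:10:00:02 +0000] "GET /wp-content/plugins/gsheetconnector-wpforms/?cfg=%3C%3Fphp+echo+1%3B HTTP/1.1" 200 12 "-" "curl/8.0"
203.0.113.9 - - [10/Jan/2026:10:00:03 +0000] "GET /?s=php+forms HTTP/1.1" 200 8800 "-" "Mozilla/5.0"
203.0.113.11 - - [10/Jan/2026:10:00:04 +0000] "POST /wp-admin/admin-ajax.php?t=eval%28%24x%29 HTTP/1.1" 403 0 "-" "python-requests/2.31"'

# Read log lines on stdin; print each suspicious line prefixed with the
# first marker that matched, e.g. "[<?php] 203.0.113.7 - - ...".
flag_suspicious() {
  awk -v markers="$MARKERS" '
  function hexval(c) { return index("0123456789abcdef", tolower(c)) - 1 }
  # Decode %XX escapes and "+" so encoded payloads match the markers.
  function urldecode(s,   out, i, n, c, h1, h2) {
    out = ""; n = length(s)
    for (i = 1; i <= n; i++) {
      c = substr(s, i, 1)
      if (c == "%" && i + 2 <= n) {
        h1 = hexval(substr(s, i + 1, 1)); h2 = hexval(substr(s, i + 2, 1))
        if (h1 >= 0 && h2 >= 0) { out = out sprintf("%c", h1 * 16 + h2); i += 2; continue }
      }
      out = out (c == "+" ? " " : c)
    }
    return out
  }
  BEGIN { nm = split(markers, m, ";") }
  {
    # The request line is the second double-quoted field; its second
    # word is the request target (path plus query string).
    split($0, q, "\"")
    split(q[2], req, " ")
    target = tolower(urldecode(req[2]))
    for (i = 1; i <= nm; i++)
      if (index(target, m[i]) > 0) { print "[" m[i] "] " $0; break }
  }'
}

# Number of suspicious lines on stdin (handy for alert thresholds).
count_suspicious() {
  flag_suspicious | wc -l | tr -d ' '
}

# Stand-alone demo on the constructed sample; on a real server pipe the
# access log in instead: flag_suspicious < /var/log/apache2/access.log
printf '%s\n' "$SAMPLE_LOG" | flag_suspicious
```

Because matching happens after decoding and lowercasing, a benign search for "php forms" is not flagged while "%3C%3Fphp" is; the same decode step is what a WAF rule for this plugin's endpoints needs, otherwise trivially encoded requests slip past it.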
Update to version 4.0.2, or a newer patched version
CVE-2025-67979 is a critical Remote Code Execution vulnerability in the WPForms Google Sheet Connector plugin, allowing attackers to execute arbitrary code on your WordPress site.
You are affected if you are using WPForms Google Sheet Connector versions 0.0 through 4.0.1. Check your plugin version and upgrade immediately.
Upgrade the WPForms Google Sheet Connector plugin to version 4.0.2 or later. If immediate upgrade is not possible, disable the plugin temporarily.
While no widespread exploitation has been confirmed, the vulnerability's ease of exploitation suggests it is likely to be targeted soon.
Refer to the official WPForms website and security advisory page for the latest information and updates regarding CVE-2025-67979.