CVE-2026-4843

Name of the Vulnerable Software and Affected Versions GSheet For Woo Importer versions prior to 2.3.2

Description The GSheet For Woo Importer plugin for WordPress contains a flaw allowing unauthorized loss of data. This is caused by a missing capability check in the process ajax restore action() function, enabling authenticated attackers with Subscriber-level access or higher to delete the Google Sheets API token and configuration options.

Recommendations Update to a version later than 2.3.1. As a temporary workaround, restrict access to the process ajax restore action() function to authorized administrative users only.