PT-2026-42533 · WordPress · Gsheet For Woo Importer

Abhirup Konwar

·

Published

2026-05-21

·

Updated

2026-05-21

·

CVE-2026-4843

CVSS v3.1

4.3

Medium

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions GSheet For Woo Importer versions prior to 2.3.2
Description The GSheet For Woo Importer plugin for WordPress contains a flaw allowing unauthorized loss of data. This is caused by a missing capability check in the process ajax restore action() function, enabling authenticated attackers with Subscriber-level access or higher to delete the Google Sheets API token and configuration options.
Recommendations Update to a version later than 2.3.1. As a temporary workaround, restrict access to the process ajax restore action() function to authorized administrative users only.

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-4843

Affected Products

Gsheet For Woo Importer