Really Simple Security logo

Log out
Get PRO

Latest

Access violation vulnerability in CF7 Google Sheets Connector 5.0.9

  • Severity: medium-risk
  • Status: Fixed
  • Publication: June 7, 2024

The plugin called CF7 Google Sheets Connector for WordPress has a security issue that allows unauthorized changes to be made to data. This is because the ‘execute_post_data_cg7_free’ function does not have a proper check for permissions. This vulnerability exists in all versions up to 5.0.9, which means that even the current version is affected. This could potentially allow attackers without proper authentication to change important site settings, such as WP_DEBUG, WP_DEBUG_LOG, SCRIPT_DEBUG, and SAVEQUERIES.

Detected in:

CF7 Google Sheets Connector fixed vulnerable versions: >= * <= 5.0.9
Google Sheets Connector for CF7 fixed vulnerable versions:
GSheetConnector for CF7 – Connect Contact Form 7 to Google Sheets and Send Form Submissions in Real Time fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.