CVE-2025-67979
Awaiting Analysis Awaiting Analysis - Queue
Code Injection in WPForms Google Sheet Connector

Publication date: 2026-02-20

Last updated on: 2026-02-27

Assigner: Patchstack

Description
Improper Control of Generation of Code ('Code Injection') vulnerability in WesternDeal WPForms Google Sheet Connector gsheetconnector-wpforms allows Code Injection.This issue affects WPForms Google Sheet Connector: from n/a through <= 4.0.1.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-20
Last Modified
2026-02-27
Generated
2026-06-16
AI Q&A
2026-02-20
EPSS Evaluated
2026-06-14
NVD
CVE-2025-67979
EUVD
EUVD-2025-208048
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
patchstack gsheetconnector-wpforms From 4.0.1|end_including=4.0.1 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-67979 is a high-severity Remote Code Execution (RCE) vulnerability in the WordPress WPForms Google Sheet Connector Plugin versions up to and including 4.0.1.

This vulnerability is a type of code injection that allows a malicious actor to execute arbitrary commands on the target website.

It falls under the OWASP Top 10 category A3: Injection.

Exploitation requires only subscriber or developer privileges, making it particularly dangerous.

Impact Analysis

This vulnerability can allow an attacker to gain backdoor access and full control over the affected WordPress site.

With arbitrary command execution, the attacker can manipulate site data, deface the website, steal sensitive information, or use the site as a platform for further attacks.

Because the vulnerability requires only subscriber or developer privileges to exploit, it increases the risk of compromise from lower-level users.

Compliance Impact

I don't know

Detection Guidance

This vulnerability allows remote code execution via the WPForms Google Sheet Connector Plugin up to version 4.0.1. Detection involves monitoring for unusual or unauthorized execution of commands on the WordPress site, especially those originating from subscriber or developer privilege accounts.

While specific commands are not provided, general detection methods include checking for suspicious HTTP requests targeting the plugin endpoints, reviewing web server logs for unusual POST requests, and scanning for signs of code injection attempts.

  • Use web server log analysis tools to identify suspicious requests to the WPForms Google Sheet Connector plugin.
  • Run WordPress security plugins or scanners that can detect known vulnerable plugin versions.
  • Check the installed plugin version with the command: wp plugin list | grep gsheetconnector-wpforms
  • Monitor for unexpected command execution or new files created in the WordPress installation directory.
Mitigation Strategies

The most immediate and effective mitigation step is to update the WPForms Google Sheet Connector Plugin to version 4.0.2 or later, where this vulnerability is patched.

Until the update can be applied, it is recommended to implement the automatic mitigation rule provided by Patchstack, which blocks attacks targeting this vulnerability.

Additionally, consider enabling auto-updates for vulnerable plugins to ensure timely protection against similar issues in the future.

Restrict subscriber and developer privileges where possible to reduce the risk of exploitation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-67979. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart