GSheetConnector For WPForms – WPForms Google Sheets Integration (Real-Time Sync) Security & Risk Analysis

wordpress.org/plugins/gsheetconnector-wpforms

Connect WPForms to Google Sheets and automatically send form entries to a google sheet in real-time. No manual exports, no coding required.

8K active installs v4.0.3 PHP 7.4+ WP 5.6+ Updated Jan 17, 2026

contact-form-google-sheetsgoogle-sheets-integrationwpformswpforms-google-sheetswpforms-google-sheets-integration

A · Safe

CVEs total3

Unpatched0

Last CVEFeb 4, 2026

Plugin page Download

Safety Verdict

Is GSheetConnector For WPForms – WPForms Google Sheets Integration (Real-Time Sync) Safe to Use in 2026?

Generally Safe

Score 95/100

GSheetConnector For WPForms – WPForms Google Sheets Integration (Real-Time Sync) has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEsLast CVE: Feb 4, 2026Updated 2mo ago

Risk Assessment

The "gsheetconnector-wpforms" plugin version 4.0.3 exhibits a generally good security posture with a robust attack surface protected by authentication checks and proper nonce usage on its AJAX endpoints. The code analysis indicates a commendable effort in utilizing prepared statements for SQL queries and properly escaping output, with a high percentage of these practices being followed. The absence of taint analysis findings for critical or high severity issues further suggests that immediate code execution or cross-site scripting vulnerabilities are not apparent in this specific version's code flow.

However, the plugin's historical vulnerability record is a significant concern. With a total of three known CVEs, including one high-severity and two medium-severity vulnerabilities, the plugin has demonstrated a pattern of past security weaknesses. The common vulnerability types like 'Code Injection', 'Missing Authorization', and 'Cross-site Scripting' are particularly worrying, as they represent fundamental security flaws. While the most recent vulnerability was in the past (2026-02-04), the frequency and types of past issues indicate a need for ongoing vigilance and thorough auditing of future releases. The bundling of potentially outdated libraries like Guzzle and Freemius v1.0 also warrants attention, as these could introduce indirect security risks if not kept current.

In conclusion, while version 4.0.3 of "gsheetconnector-wpforms" appears to have addressed some common coding pitfalls, its historical vulnerability profile cannot be ignored. The developer's commitment to security practices like prepared statements and output escaping is positive, but the recurring types of vulnerabilities suggest a deeper architectural or design issue that may require more comprehensive remediation. Users should be aware of the past security incidents and ensure they are always running the latest patched version, while also considering the potential for future vulnerabilities.

Key Concerns

History of high severity vulnerabilities
History of medium severity vulnerabilities
Bundled outdated library: Freemius v1.0
Bundled outdated library: Guzzle

Vulnerabilities

GSheetConnector For WPForms – WPForms Google Sheets Integration (Real-Time Sync) Security Vulnerabilities

CVEs by Year

1 CVE in 2023

2023

1 CVE in 2025

2025

1 CVE in 2026

2026

Patched Has unpatched

Severity Breakdown

High

Medium

3 total CVEs

CVE-2025-67979high · 8.8Improper Control of Generation of Code ('Code Injection')

WPForms Google Sheet Connector <= 4.0.1 - Authenticated (Subscriber+) Remote Code Execution

Feb 4, 2026 Patched in 4.0.2 (6d)

CVE-2025-67570medium · 5.3Missing Authorization

WPForms Google Sheet Connector <= 4.0.0 - Missing Authorization

Dec 4, 2025 Patched in 4.0.1 (8d)

CVE-2023-2321medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WPForms Google Sheet Connector <= 3.4.5 - Reflected Cross-Site Scripting

Jun 12, 2023 Patched in 3.4.6 (225d)

Code Analysis

Analyzed Mar 16, 2026

GSheetConnector For WPForms – WPForms Google Sheets Integration (Real-Time Sync) Code Analysis

Dangerous Functions

Raw SQL Queries

5 prepared

Unescaped Output

484 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

GuzzleFreemius1.0

SQL Query Safety

71% prepared7 total queries

Output Escaping

84% escaped577 total outputs

Data Flows

All sanitized

Data Flow Analysis

4 flows

verify_wpform_gs_integation (gsheetconnector-wpforms.php:445)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

GSheetConnector For WPForms – WPForms Google Sheets Integration (Real-Time Sync) Attack Surface

Entry Points12

Unprotected0

AJAX Handlers 12

authwp_ajax_wp_clear_logsgsheetconnector-wpforms.php:185

authwp_ajax_verify_wpform_gs_integationgsheetconnector-wpforms.php:188

authwp_ajax_wp_clear_debug_logsgsheetconnector-wpforms.php:207

authwp_ajax_wpform_gs_set_auth_expired_adds_intervalincludes\class-wpform-adds.php:23

authwp_ajax_wpform_gs_close_auth_expired_adds_intervalincludes\class-wpform-adds.php:24

authwp_ajax_get_wpformsincludes\class-wpforms-integration.php:21

authwp_ajax_deactivate_wpformgsc_integationincludes\class-wpforms-integration.php:26

authwp_ajax_set_upgrade_notification_intervalincludes\class-wpforms-integration.php:29

authwp_ajax_close_upgrade_notification_intervalincludes\class-wpforms-integration.php:30

authwp_ajax_gscwpform_install_pluginincludes\class-wpforms-integration.php:33

authwp_ajax_gscwp_activate_pluginincludes\class-wpforms-integration.php:36

authwp_ajax_gscwpform_deactivate_pluginincludes\class-wpforms-integration.php:39

WordPress Hooks 28

filterdoing_it_wrong_trigger_errorgsheetconnector-wpforms.php:81

actionwpforms_loadedgsheetconnector-wpforms.php:157

actionadmin_initgsheetconnector-wpforms.php:176

actionadmin_menugsheetconnector-wpforms.php:179

actionwp_dashboard_setupgsheetconnector-wpforms.php:182

actioninitgsheetconnector-wpforms.php:191

actioninitgsheetconnector-wpforms.php:194

filterplugin_row_metagsheetconnector-wpforms.php:199

actionadmin_initgsheetconnector-wpforms.php:201

actionadmin_initgsheetconnector-wpforms.php:204

actionadmin_noticesgsheetconnector-wpforms.php:307

actionnetwork_admin_noticesgsheetconnector-wpforms.php:308

actionadmin_print_stylesgsheetconnector-wpforms.php:472

actionadmin_print_scriptsgsheetconnector-wpforms.php:473

actionadmin_initincludes\class-wpform-adds.php:22

actionadmin_noticesincludes\class-wpform-adds.php:45

actionadmin_post_wpform_gs_saveincludes\class-wpforms-integration.php:23

actionwpforms_process_entry_saveincludes\class-wpforms-integration.php:28

filteradmin_footer_textincludes\pages\admin-footer.php:19

actionwpforms_form_settings_panel_contentincludes\wpforms-panel.php:38

actionwpforms_process_entry_saveincludes\wpforms-panel.php:40

actionwpforms_builder_enqueuesincludes\wpforms-panel.php:42

filterwpforms_builder_settings_sectionsincludes\wpforms-panel.php:43

filterwpforms_builder_stringsincludes\wpforms-panel.php:44

filterwpforms_helpers_templates_include_html_locatedincludes\wpforms-panel.php:45

filterwpforms_save_form_argsincludes\wpforms-panel.php:47

filterwpforms_builder_save_form_response_dataincludes\wpforms-panel.php:314

actionplugins_loadedincludes\wpforms-panel.php:1194

Maintenance & Trust

GSheetConnector For WPForms – WPForms Google Sheets Integration (Real-Time Sync) Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedJan 17, 2026

PHP min version7.4

Downloads156K

Community Trust

Rating86/100

Number of ratings18

Active installs8K

Alternatives

GSheetConnector For WPForms – WPForms Google Sheets Integration (Real-Time Sync) Alternatives

WPSyncSheets For WPForms – Google Sheets Connector for WPForms & Real‑Time Data Export

wpsyncsheets-wpforms

Connect WPForms to Google Sheets and automatically sync form entries in real-time. Eliminate manual data entry and simplify your workflow.

300 1 CVE

Image CAPTCHA for Contact Form 7 and WPForms by HookAndHook (DSGVO/GDPR)

contact-form-7-image-captcha

100

Adds an Image CAPTCHA to Contact Form 7 and WPForms, GDPR ready, perfect WPForms or Contact Form 7 Spam Protection Image CAPTCHA, adds a honeypot

80K No CVEs

Database for Contact Form 7, WPforms, Elementor forms

contact-form-entries

Saves Contact Form 7, WPforms,Elementor Forms, CRM Perks Forms and many other contact form submissions to database.

70K 14 CVEs

GSheetConnector for CF7 – Connect Contact Form 7 to Google Sheets and Send Form Submissions in Real Time

cf7-google-sheets-connector

Send your Contact Form 7 data directly to your Google Sheets spreadsheet.

40K 4 CVEs

Utimate Kit ( Styler ) for WPForms

styler-for-wpforms

100

Ultimate Kit for WPForms makes the task of designing WPForms an easy one.

30K No CVEs

Developer Profile

GSheetConnector For WPForms – WPForms Google Sheets Integration (Real-Time Sync) Developer Profile

WesternDeal

11 plugins · 63K total installs

trust score

Avg Security Score

94/100

Avg Patch Time

126 days

View full developer profile

Detection Fingerprints

How We Detect GSheetConnector For WPForms – WPForms Google Sheets Integration (Real-Time Sync)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/gsheetconnector-wpforms/assets/css/custom-style.css/wp-content/plugins/gsheetconnector-wpforms/assets/js/gsheetconnector-wpforms.js/wp-content/plugins/gsheetconnector-wpforms/assets/js/gsheetconnector-wpforms-settings.js/wp-content/plugins/gsheetconnector-wpforms/assets/css/gsheetconnector-admin.css/wp-content/plugins/gsheetconnector-wpforms/assets/js/gsheetconnector-admin.js/wp-content/plugins/gsheetconnector-wpforms/assets/js/gsheetconnector-wizard.js/wp-content/plugins/gsheetconnector-wpforms/assets/css/gsheetconnector-wizard.css/wp-content/plugins/gsheetconnector-wpforms/assets/css/gsheetconnector-common.css+1 more

Version Parameters

/wp-content/plugins/gsheetconnector-wpforms/assets/css/custom-style.css?ver=/wp-content/plugins/gsheetconnector-wpforms/assets/js/gsheetconnector-wpforms.js?ver=/wp-content/plugins/gsheetconnector-wpforms/assets/js/gsheetconnector-wpforms-settings.js?ver=/wp-content/plugins/gsheetconnector-wpforms/assets/css/gsheetconnector-admin.css?ver=/wp-content/plugins/gsheetconnector-wpforms/assets/js/gsheetconnector-admin.js?ver=/wp-content/plugins/gsheetconnector-wpforms/assets/js/gsheetconnector-wizard.js?ver=/wp-content/plugins/gsheetconnector-wpforms/assets/css/gsheetconnector-wizard.css?ver=/wp-content/plugins/gsheetconnector-wpforms/assets/css/gsheetconnector-common.css?ver=/wp-content/plugins/gsheetconnector-wpforms/assets/js/gsheetconnector-common.js?ver=

HTML / DOM Fingerprints

CSS Classes

gsheetconnector-main-titlegsheetconnector-integration-statusgsheetconnector-form-itemgsheetconnector-field-mapgsheetconnector-add-fieldgsheetconnector-wizard-stepgsheetconnector-modal-overlaygsheetconnector-settings-form+3 more

HTML Comments

+1 more

Data Attributes

data-gsheetconnector-fielddata-gsheetconnector-mappingdata-gsheetconnector-stepdata-gsheetconnector-modal-targetdata-gsheetconnector-form-id

JS Globals

gsheetConnectorSettingsgsheetConnectorAdmingsheetConnectorWizardgsheetConnectorCommonwpforms_gsheet_connector_ajax_object

REST Endpoints

/wp-json/gsheetconnector-wpforms/v1/settings/wp-json/gsheetconnector-wpforms/v1/save_settings/wp-json/gsheetconnector-wpforms/v1/verify_connection/wp-json/gsheetconnector-wpforms/v1/get_forms

FAQ