Does Sheet2Site have any unpatched vulnerabilities?

Yes — Sheet2Site currently has 1 unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is Sheet2Site compatible with WordPress 5.2.24?

According to WordPress.org data, Sheet2Site 1.0.18 has been tested up to WordPress 5.2.24. Check the plugin's changelog for the latest compatibility information.

Is Sheet2Site compatible with PHP 5.2+?

Sheet2Site requires PHP 5.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Sheet2Site updated?

Sheet2Site was last updated on Jun 7, 2021. Frequent updates are generally a positive security signal.

What is Sheet2Site's security score?

Sheet2Site has a WP-Safety security score of 64/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Sheet2Site Security & Risk Analysis

wordpress.org/plugins/sheet2site

Sheet2Site - Embed your Google Sheet into your WordPress website.

400 active installs v1.0.18 PHP 5.2+ WP 4.0+ Updated Jun 7, 2021

google-sheetssheetsheetsspreadsheetspreadsheets

C · Use Caution

CVEs total1

Unpatched1

Last CVEApr 1, 2025

Plugin page Download

Safety Verdict

Is Sheet2Site Safe to Use in 2026?

Use With Caution

Score 64/100

Sheet2Site has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE 1 unpatched Last CVE: Apr 1, 2025Updated 4yr ago

Risk Assessment

The Sheet2Site plugin version 1.0.18 presents a mixed security posture. While it demonstrates some good practices like using prepared statements for all SQL queries and performing external HTTP requests, its overall security is compromised by critical weaknesses. The static analysis reveals a concerning lack of authorization checks on a significant portion of its attack surface, specifically an AJAX handler. This, combined with a very low percentage of properly escaped output, creates a substantial risk of cross-site scripting (XSS) vulnerabilities and potentially other injection attacks. The vulnerability history further reinforces these concerns, highlighting a known medium severity XSS vulnerability that remains unpatched. This ongoing, unaddressed issue, coupled with the structural weaknesses identified in the code, indicates a plugin that requires immediate attention from its developers and administrators.

Key Concerns

Unpatched CVE: 1 Medium
AJAX handler without auth checks
Low percentage of output escaping
Lack of capability checks

Vulnerabilities

Sheet2Site Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-31762medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Sheet2Site <= 1.0.18 - Authenticated (Contributor+) Stored Cross-Site Scripting

Apr 1, 2025Unpatched

Code Analysis

Analyzed Mar 16, 2026

Sheet2Site Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

1 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

11% escaped9 total outputs

Attack Surface

1 unprotected

Sheet2Site Attack Surface

Entry Points2

Unprotected1

AJAX Handlers 1

authwp_ajax_accept_termssheet2site.php:216

Shortcodes 1

[sheet2site] sheet2site.php:59

WordPress Hooks 6

actioninitsheet2site.php:212

actionadmin_noticessheet2site.php:213

actionadmin_menusheet2site.php:214

actionadmin_enqueue_scriptssheet2site.php:215

filterplugin_action_linkssheet2site.php:217

actiondeactivate_sheet2site/sheet2site.phpsheet2site.php:218

Maintenance & Trust

Sheet2Site Maintenance & Trust

Maintenance Signals

WordPress version tested5.2.24

Last updatedJun 7, 2021

PHP min version5.2

Downloads11K

Community Trust

Rating100/100

Number of ratings1

Active installs400

Alternatives

Sheet2Site Alternatives

Sheet Monkey's Contact Form 7 to Google Sheets

cf7-to-google-sheets

The simple and secure way to connect Contact Form 7 to Google Sheets.

300 No CVEs

GSheets Connector

sheetlink

Sync your WordPress posts, custom post types, and WooCommerce orders, including custom fields, to Google Spreadsheets using available filter hooks.

100 1 unpatched

LiveSheets: Google Sheets | Data table | Spreadsheets

livesheets

Transform google spreadsheets, google sheets into stunning data tables.

0 No CVEs

WPGSI: Spreadsheet Integration

wpgsi

Google sheet two-way sync 🔄 WordPress | WooCommerce | Contact form 7 | DB table | Google sheet as a Table.

2K 5 CVEs

GSheetConnector for Gravity Forms – Send Gravity Forms Entries to Google Sheets in Real-Time

gsheetconnector-gravity-forms

Send Gravity Forms entries to Google Sheets in real-time. Automatically sync Gravity Forms submissions to Google Sheets with secure Google Sheets inte …

1K 3 CVEs

Developer Profile

Sheet2Site Developer Profile

andreyazimov

1 plugin · 400 total installs

trust score

Avg Security Score

64/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Sheet2Site

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/sheet2site/assets/sheet2site.js/wp-content/plugins/sheet2site/assets/sheet2site.css

Script Paths

https://sheet2site.com/js/embedded.js

Version Parameters

sheet2site/style.css?ver=sheet2site/script.js?ver=

HTML / DOM Fingerprints

CSS Classes

sheet2site-activationsheet2site-help

Data Attributes

data-sheet2site

JS Globals

sheet2siteAdmin

Shortcode Output

[sheet2site key=

FAQ