Does GSheets Connector have any unpatched vulnerabilities?

Yes — GSheets Connector currently has 1 unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is GSheets Connector compatible with WordPress 6.7.5?

According to WordPress.org data, GSheets Connector 1.1.1 has been tested up to WordPress 6.7.5. Check the plugin's changelog for the latest compatibility information.

Is GSheets Connector compatible with PHP 7.2+?

GSheets Connector requires PHP 7.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is GSheets Connector updated?

GSheets Connector was last updated on Feb 28, 2025. Frequent updates are generally a positive security signal.

What is GSheets Connector's security score?

GSheets Connector has a WP-Safety security score of 70/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

GSheets Connector Security & Risk Analysis

wordpress.org/plugins/sheetlink

Sync your WordPress posts, custom post types, and WooCommerce orders, including custom fields, to Google Spreadsheets using available filter hooks.

100 active installs v1.1.1 PHP 7.2+ WP 5.2+ Updated Feb 28, 2025

automationgoogle-sheetsgoogle-spreadsheetssheetssync-posts-custom-post-types

B · Generally Safe

CVEs total1

Unpatched1

Last CVESep 22, 2025

Plugin page Download

Safety Verdict

Is GSheets Connector Safe to Use in 2026?

Mostly Safe

Score 70/100

GSheets Connector is generally safe to use though it hasn't been updated recently. 1 past CVE were resolved. Keep it updated.

1 known CVE 1 unpatched Last CVE: Sep 22, 2025Updated 1yr ago

Risk Assessment

The "sheetlink" plugin v1.1.1 presents a mixed security posture. On the positive side, it demonstrates good practices in SQL query handling, utilizing prepared statements exclusively and also shows a high percentage of properly escaped output. Nonce checks are also present on all identified AJAX entry points, which is a commendable security measure.

However, significant concerns arise from the attack surface analysis. The plugin has a single AJAX handler, and crucially, this handler lacks authentication checks. This is a direct entry point for unauthenticated users to interact with the plugin's backend functionality, posing a considerable risk. While the taint analysis did not reveal critical or high-severity issues, the presence of "flows with unsanitized paths" suggests potential for vulnerabilities if the sanitized data is later used in a sensitive operation.

The vulnerability history reveals a pattern of "Deserialization of Untrusted Data" with one unpatched medium-severity CVE. This, combined with the unauthenticated AJAX handler, indicates a concerning tendency for the plugin to expose itself to risks that require careful validation of incoming data. The plugin's strengths in SQL and output handling are overshadowed by the critical vulnerability of an unauthenticated AJAX endpoint and a history of deserialization issues.

Key Concerns

Unprotected AJAX handler
Unpatched medium severity CVE
Flows with unsanitized paths

Vulnerabilities

GSheets Connector Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-53465medium · 6.6Deserialization of Untrusted Data

GSheets Connector <= 1.1.1 - Authenticated (Administrator+) PHP Object Injection

Sep 22, 2025Unpatched

Code Analysis

Analyzed Mar 16, 2026

GSheets Connector Code Analysis

Dangerous Functions

Raw SQL Queries

4 prepared

Unescaped Output

90 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Select2

SQL Query Safety

100% prepared4 total queries

Output Escaping

97% escaped93 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

4 flows2 with unsanitized paths

load_ss_columns (src\Admin\RGSIAdminAjax.php:71)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

GSheets Connector Attack Surface

Entry Points1

Unprotected1

AJAX Handlers 1

authwp_ajax_rgsi_dismiss_review_noticesrc\Admin\RGSIUtility.php:8

WordPress Hooks 5

actionplugins_loadedsrc\Admin\RGSIUtility.php:6

actionadmin_noticessrc\Admin\RGSIUtility.php:7

actionadmin_menusrc\Admin\RGSIUtility.php:9

actionwp_dashboard_setupsrc\Admin\RGSIUtility.php:10

actionadmin_footersrc\Admin\RGSIUtility.php:11

Maintenance & Trust

GSheets Connector Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5

Last updatedFeb 28, 2025

PHP min version7.2

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs100

Alternatives

GSheets Connector Alternatives

OttoKit: All-in-One Automation Platform

suretriggers

Experience the power of automation within WordPress: Connect 1,300+ apps, automate manual tasks, and unlock your full potential. Get started now!

100K 4 CVEs

Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin

uncanny-automator

Uncanny Automator is the easiest and most powerful way to connect your WordPress plugins, sites and apps together with powerful automations.

50K 11 CVEs

Bit integrations – Easy Automator with no-code automation, integrate Webhook and automate 300+ Platform

bit-integrations

Perfect Automation and integration plugin: Connect 300+ platforms and automate CRM, Email marketing tools, Google Sheets, Contact forms, LMS and more

20K 1 CVE

FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.)

fusewp

Subscribe WordPress users to CRM & email marketing software. Constant Contact, Mailchimp ActiveCampaign MailerLite Brevo Klaviyo AWeber HubSpot etc

2K 2 CVEs

WPGSI: Spreadsheet Integration

wpgsi

Google sheet two-way sync 🔄 WordPress | WooCommerce | Contact form 7 | DB table | Google sheet as a Table.

2K 5 CVEs

Developer Profile

GSheets Connector Developer Profile

raoinfotech

3 plugins · 110 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect GSheets Connector

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/sheetlink/assets/css/select2.min.css/wp-content/plugins/sheetlink/assets/css/style.css/wp-content/plugins/sheetlink/assets/js/raogsi.js/wp-content/plugins/sheetlink/assets/js/select2.min.js

Script Paths

/wp-content/plugins/sheetlink/assets/js/raogsi.js/wp-content/plugins/sheetlink/assets/js/select2.min.js

Version Parameters

sheetlink/assets/css/select2.min.css?ver=sheetlink/assets/css/style.css?ver=sheetlink/assets/js/raogsi.js?ver=sheetlink/assets/js/select2.min.js?ver=

HTML / DOM Fingerprints

CSS Classes

raogsi-dashboard-wrapper

HTML Comments

+8 more

Data Attributes

data-wp-sourcedata-integration-id

JS Globals

raogsi_params

FAQ