SheetLink Forms Security & Risk Analysis

wordpress.org/plugins/sheetlink-forms

Send WordPress form submissions directly to Google Sheets via a free Google Apps Script receiver. Works on any site without registration.

0 active installs · v1.6.2 · PHP 7.4+ · WP 5.8+ · Updated: Unknown
Tags: contact-form-7, forms, google-sheets, gravity-forms, spreadsheet
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is SheetLink Forms Safe to Use in 2026?

Generally Safe

Score 100/100

SheetLink Forms has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The sheetlink-forms plugin v1.6.3 exhibits a significant security concern due to its extensive attack surface composed entirely of unprotected AJAX handlers. While the code demonstrates good practices in output escaping and largely uses prepared statements for SQL queries, the lack of authentication and capability checks on all 10 identified AJAX entry points creates a critical vulnerability. Any authenticated user could potentially trigger these actions, leading to unintended consequences if the internal logic is not robustly designed against manipulation.

The taint analysis revealing one flow with an unsanitized path, classified as high severity, directly correlates with this lack of authorization. This suggests a potential avenue for attackers to exploit the plugin by manipulating input that is not adequately checked before being used in sensitive operations. The absence of known vulnerabilities in its history is a positive sign, indicating a relatively clean past, but it does not negate the immediate risks presented by the current code's architecture. The plugin's strengths lie in its proper output escaping and SQL handling, but these are overshadowed by the critical security gap in its AJAX endpoints.

Key Concerns

  • AJAX handlers without auth checks
  • High severity unsanitized taint flow
Vulnerabilities
None known

SheetLink Forms Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

SheetLink Forms Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 3 (20 prepared)
Unescaped Output: 0 (141 escaped)
Nonce Checks: 1
Capability Checks: 6
File Operations: 0
External Requests: 4
Bundled Libraries: 0

SQL Query Safety

87% prepared · 23 total queries

Output Escaping

100% escaped · 141 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

2 flows · 1 with unsanitized paths
<class-admin> (includes\class-admin.php:0)
Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface
10 unprotected

SheetLink Forms Attack Surface

Entry Points: 10
Unprotected: 10

AJAX Handlers: 10

Type  Hook                                 Location
auth  wp_ajax_sheetlink_save_rule          includes\class-admin.php:13
auth  wp_ajax_sheetlink_delete_rule        includes\class-admin.php:14
auth  wp_ajax_sheetlink_toggle_rule        includes\class-admin.php:15
auth  wp_ajax_sheetlink_test_webhook       includes\class-admin.php:16
auth  wp_ajax_sheetlink_get_script         includes\class-admin.php:17
auth  wp_ajax_sheetlink_clear_log          includes\class-admin.php:18
auth  wp_ajax_sheetlink_test_routing       includes\class-admin.php:20
auth  wp_ajax_sheetlink_toggle_enrichment  includes\class-admin.php:23
auth  wp_ajax_sheetlink_retry_item         includes\class-admin.php:24
auth  wp_ajax_sheetlink_purge_queue        includes\class-admin.php:25

WordPress Hooks: 20

Type    Hook                                             Location
action  admin_menu                                       includes\class-admin.php:9
action  admin_enqueue_scripts                            includes\class-admin.php:10
filter  wp_privacy_personal_data_exporters               includes\class-gdpr.php:16
filter  wp_privacy_personal_data_erasers                 includes\class-gdpr.php:17
action  network_admin_menu                               includes\class-multisite.php:20
action  elementor_pro/forms/new_record                   includes\class-sync-engine.php:18
action  wpcf7_mail_sent                                  includes\class-sync-engine.php:23
action  gform_after_submission                           includes\class-sync-engine.php:28
action  wpforms_process_complete                         includes\class-sync-engine.php:33
action  fluentform/submission_inserted                   includes\class-sync-engine.php:38
action  frm_after_create_entry                           includes\class-sync-engine.php:43
action  ninja_forms_after_submission                     includes\class-sync-engine.php:48
action  forminator_custom_form_submit_before_set_fields  includes\class-sync-engine.php:53
action  everest_forms_process_complete                   includes\class-sync-engine.php:58
action  fl_module_contact_form_after_send                includes\class-sync-engine.php:63
action  et_pb_contact_form_submit                        includes\class-sync-engine.php:68
action  wsf_submit_post_complete                         includes\class-sync-engine.php:73
filter  cron_schedules                                   sheetlink-forms.php:42
action  wp_enqueue_scripts                               sheetlink-forms.php:58
action  plugins_loaded                                   sheetlink-forms.php:64

Maintenance & Trust

SheetLink Forms Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Unknown
PHP min version: 7.4
Downloads: 96

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0

Developer Profile

SheetLink Forms Developer Profile

sheetlink

1 plugin · 0 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days

Detection Fingerprints

How We Detect SheetLink Forms

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/sheetlink-forms/assets/css/admin-ui.css
/wp-content/plugins/sheetlink-forms/assets/css/admin.css
/wp-content/plugins/sheetlink-forms/assets/js/admin.js
Script Paths
/wp-content/plugins/sheetlink-forms/assets/js/admin.js
Version Parameters
sheetlink-forms/assets/css/admin-ui.css?ver=
sheetlink-forms/assets/css/admin.css?ver=
sheetlink-forms/assets/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
sheetlink-dashboard
sheetlink-settings-field
HTML Comments
<!-- Dashboard: start -->
<!-- Sync Rules: start -->
<!-- Retry Queue: start -->
<!-- Upgrade: start -->
Data Attributes
data-sheetlink-field-type
JS Globals
sheetlink
REST Endpoints
/wp-json/sheetlink/v1/settings