WPGSI: Spreadsheet Integration Security & Risk Analysis

wordpress.org/plugins/wpgsi

Google sheet two-way sync 🔄 WordPress | WooCommerce | Contact form 7 | DB table | Google sheet as a Table.

2K active installs · v3.8.4 · PHP + · WP 5.5.0+ · Updated Feb 14, 2026
Tags: automation, contact-form-7, google-sheets, spreadsheet, woocommerce
90 · A · Safe
CVEs total: 5
Unpatched: 0
Last CVE: Feb 24, 2026
Safety Verdict

Is WPGSI: Spreadsheet Integration Safe to Use in 2026?

Generally Safe

Score 90/100

WPGSI: Spreadsheet Integration has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

5 known CVEs · Last CVE: Feb 24, 2026 · Updated 3mo ago
Risk Assessment

The wpgsi plugin v3.8.4 presents a mixed security posture with several concerning indicators. While it demonstrates some good practices like a substantial number of capability checks and a decent percentage of SQL queries using prepared statements, the significant number of AJAX handlers (50% of the total) lacking authorization checks is a major red flag, exposing a broad attack surface. The taint analysis further highlights this with a high number of flows with unsanitized paths, including 7 classified as high severity, indicating potential for data manipulation or unauthorized actions. The plugin's vulnerability history, with 5 known CVEs including two high-severity ones and a recent vulnerability in 2026, suggests a pattern of past security weaknesses that require careful monitoring. The presence of the `unserialize` function also warrants caution, as it can be a vector for deserialization vulnerabilities if not handled meticulously. Overall, the plugin has potential attack vectors due to unprotected entry points and identified high-severity taint flows, compounded by a history of past vulnerabilities, requiring diligent attention to security updates and a careful evaluation of its usage.

Key Concerns

  • Unprotected AJAX handlers
  • High severity taint flows found
  • Known high severity vulnerabilities (historical)
  • Known medium severity vulnerabilities (historical)
  • Use of unserialize function
  • SQL queries not using prepared statements
  • Output not properly escaped
  • Bundled outdated library (Freemius v1.0)
Vulnerabilities
5 published

WPGSI: Spreadsheet Integration Security Vulnerabilities

CVEs by Year

  • 2021: 2 CVEs
  • 2024: 1 CVE
  • 2025: 1 CVE
  • 2026: 1 CVE

Severity Breakdown

  • High: 2
  • Medium: 3

5 total CVEs

CVE-2026-1916 · high · 7.5 · Missing Authorization

WPGSI: Spreadsheet Integration <= 3.8.3 - Missing Authorization to Unauthenticated Arbitrary Post Creation and Deletion via Forged Base64 Token

Feb 24, 2026 · Patched in 3.8.4 (1d)

CVE-2025-1463 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Spreadsheet Integration <= 3.8.2 - Cross-Site Request Forgery to Arbitrary Post Publish

Mar 4, 2025 · Patched in 3.8.3 (1d)

CVE-2024-6590 · medium · 6.3 · Missing Authorization

Spreadsheet Integration – Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins. Also, Display Google sheet as a Table. <= 3.8.0 - Missing Authorization to Authenticated (Subscriber+) Settings Update

Sep 24, 2024 · Patched in 3.8.1 (14d)

WF-014da588-9494-493e-8659-590b8e8c14a6-wpgsi · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Spreadsheet Integration and Spreadsheet Integration Pro <= 3.5.0 - Reflected Cross-Site Scripting

Dec 24, 2021 · Patched in 3.6.0 (760d)

WF-6a3dddda-3a65-42b6-9dc8-760bc3a24dcf-wpgsi · high · 8.8 · Cross-Site Request Forgery (CSRF)

Spreadsheet Integration and Spreadsheet Integration Pro <= 3.5.0 - Cross-Site Request Forgery

Dec 24, 2021 · Patched in 3.6.0 (760d)

Code Analysis
Analyzed Mar 16, 2026

WPGSI: Spreadsheet Integration Code Analysis

  • Dangerous Functions: 3
  • Raw SQL Queries: 17 · Prepared: 15
  • Unescaped Output: 118 · Escaped: 154
  • Nonce Checks: 14
  • Capability Checks: 34
  • File Operations: 1
  • External Requests: 9
  • Bundled Libraries: 1

Dangerous Functions Found

  • unserialize: $content_arr = unserialize( $Field->post_content ); (admin\class-wpgsi-admin.php:2045)
  • unserialize: $rt = @unserialize( $entre->meta_value ); (admin\class-wpgsi-events.php:1009)
  • unserialize: $post_excerpt = unserialize($item->post_excerpt); (includes\class-wpgsi-list-table.php:54)

Bundled Libraries

Freemius 1.0

SQL Query Safety

47% prepared · 32 total queries

Output Escaping

57% escaped · 272 total outputs

Data Flows · Security
11 unsanitized

Data Flow Analysis

15 flows · 11 with unsanitized paths
wpgsi_connections (admin\class-wpgsi-admin.php:656)
Attack Surface
5 unprotected

WPGSI: Spreadsheet Integration Attack Surface

Entry Points: 8
Unprotected: 5

AJAX Handlers 5

auth wp_ajax_wpgsi_WorksheetColumnsTitle (includes\class-wpgsi.php:180)
auth wp_ajax_wpgsi_changeIntegrationStatus (includes\class-wpgsi.php:181)
auth wp_ajax_wpgsi_changeRemoteUpdateStatus (includes\class-wpgsi.php:182)
auth wp_ajax_wpgsi_createSheetColumnTitles (includes\class-wpgsi.php:183)
auth wp_ajax_wpgsi_ajaxWorksheetData (includes\class-wpgsi.php:198)

REST API Routes 2

POST /wp-json/wpgsi/accept (admin\class-wpgsi-update.php:96)
GET /wp-json/wpgsi/update (admin\class-wpgsi-update.php:108)

Shortcodes 1

[wpgsi] (admin\class-wpgsi-show.php:489)

WordPress Hooks 58

action plugins_loaded (includes\class-wpgsi.php:137)
action user_register (includes\class-wpgsi.php:150)
action profile_update (includes\class-wpgsi.php:151)
action delete_user (includes\class-wpgsi.php:152)
action wp_login (includes\class-wpgsi.php:153)
action clear_auth_cookie (includes\class-wpgsi.php:154)
action save_post (includes\class-wpgsi.php:155)
action comment_post (includes\class-wpgsi.php:156)
action edit_comment (includes\class-wpgsi.php:157)
action transition_post_status (includes\class-wpgsi.php:158)
action woocommerce_order_status_changed (includes\class-wpgsi.php:159)
action woocommerce_new_order (includes\class-wpgsi.php:160)
action woocommerce_thankyou (includes\class-wpgsi.php:161)
action wpcf7_before_send_mail (includes\class-wpgsi.php:162)
action ninja_forms_after_submission (includes\class-wpgsi.php:163)
action frm_after_create_entry (includes\class-wpgsi.php:164)
action wpforms_process (includes\class-wpgsi.php:165)
action weforms_entry_submission (includes\class-wpgsi.php:166)
action gform_after_submission (includes\class-wpgsi.php:167)
action forminator_custom_form_submit_field_data (includes\class-wpgsi.php:168)
action fluentform_before_submission_confirmation (includes\class-wpgsi.php:169)
action admin_notices (includes\class-wpgsi.php:170)
action shutdown (includes\class-wpgsi.php:172)
action init (includes\class-wpgsi.php:175)
action admin_enqueue_scripts (includes\class-wpgsi.php:176)
action admin_enqueue_scripts (includes\class-wpgsi.php:177)
action admin_menu (includes\class-wpgsi.php:178)
action admin_post_wpgsi_Integration (includes\class-wpgsi.php:179)
filter plugin_action_links (includes\class-wpgsi.php:184)
action wpgsi_khatas (includes\class-wpgsi.php:186)
action admin_notices (includes\class-wpgsi.php:187)
action rest_api_init (includes\class-wpgsi.php:190)
action admin_notices (includes\class-wpgsi.php:191)
action admin_enqueue_scripts (includes\class-wpgsi.php:194)
action admin_notices (includes\class-wpgsi.php:195)
action admin_menu (includes\class-wpgsi.php:196)
action admin_post_save_google_show (includes\class-wpgsi.php:197)
action init (includes\class-wpgsi.php:199)
action cron_schedules (includes\class-wpgsi.php:201)
action init (includes\class-wpgsi.php:202)
action wpgsi_every_5_minutes (includes\class-wpgsi.php:203)
action wpgsi_every_10_minutes (includes\class-wpgsi.php:204)
action wpgsi_every_15_minutes (includes\class-wpgsi.php:205)
action wpgsi_every_30_minutes (includes\class-wpgsi.php:206)
action wpgsi_every_hour (includes\class-wpgsi.php:207)
action wpgsi_every_two_hours (includes\class-wpgsi.php:208)
action wpgsi_every_three_hours (includes\class-wpgsi.php:209)
action wpgsi_every_five_hours (includes\class-wpgsi.php:210)
action wpgsi_every_seven_hours (includes\class-wpgsi.php:211)
action wpgsi_every_twelve_hours (includes\class-wpgsi.php:212)
action wpgsi_every_day (includes\class-wpgsi.php:213)
action admin_menu (includes\class-wpgsi.php:216)
action admin_post_google_settings (includes\class-wpgsi.php:217)
action admin_footer (includes\class-wpgsi.php:218)
action admin_notices (includes\class-wpgsi.php:219)
action wp_enqueue_scripts (includes\class-wpgsi.php:228)
action wp_enqueue_scripts (includes\class-wpgsi.php:229)
action activated_plugin (wpgsi.php:68)

Scheduled Events 6

wpgsi_every_two_hours
wpgsi_every_three_hours
wpgsi_every_five_hours
wpgsi_every_seven_hours
wpgsi_every_twelve_hours
wpgsi_every_day
Maintenance & Trust

WPGSI: Spreadsheet Integration Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 14, 2026
PHP min version
Downloads: 58K

Community Trust

Rating: 96/100
Number of ratings: 19
Active installs: 2K

Developer Profile

WPGSI: Spreadsheet Integration Developer Profile

javmah

2 plugins · 2K total installs

Trust score: 76
Avg Security Score: 95/100
Avg Patch Time: 307 days

Detection Fingerprints

How We Detect WPGSI: Spreadsheet Integration

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wpgsi/admin/css/wpgsi-admin.css
/wp-content/plugins/wpgsi/public/css/wpgsi-public.css
/wp-content/plugins/wpgsi/public/js/wpgsi-public.js
Script Paths
/wp-content/plugins/wpgsi/admin/js/wpgsi-admin.js
/wp-content/plugins/wpgsi/public/js/wpgsi-public.js
Version Parameters
wpgsi/css/wpgsi-public.css?ver=
wpgsi/css/wpgsi-admin.css?ver=
wpgsi/js/wpgsi-public.js?ver=

HTML / DOM Fingerprints

CSS Classes
wpgsi_integration_title
HTML Comments
<!-- Bismilla Hir Rahmanir Raheem. -->
<!-- 29 Apr 2023 -->
<!-- Hello, Friend How are you doing? i am doing fine. -->
<!-- I know Golang, Python, PHP, Javascript, HTML & CSS. -->
(+10 more)
JS Globals
wpgsi_admin_object
Shortcode Output
[wpgsi_integration]
FAQ

Frequently Asked Questions about WPGSI: Spreadsheet Integration