WPSyncSheets For WPForms – Google Sheets Connector for WPForms & Real‑Time Data Export Security & Risk Analysis

wordpress.org/plugins/wpsyncsheets-wpforms

Connect WPForms to Google Sheets and automatically sync form entries in real-time. Eliminate manual data entry and simplify your workflow.

300 active installs · v1.7.0 · PHP + · WP 5.5+ · Updated Feb 20, 2026
Tags: export-wpforms-entries, form-entries, google-sheets, wpforms, wpforms-google-sheets
Score: 99 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Feb 11, 2025
Safety Verdict

Is WPSyncSheets For WPForms – Google Sheets Connector for WPForms & Real‑Time Data Export Safe to Use in 2026?

Generally Safe

Score 99/100

WPSyncSheets For WPForms – Google Sheets Connector for WPForms & Real‑Time Data Export has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Feb 11, 2025 · Updated 1mo ago
Risk Assessment

The "wpsyncsheets-wpforms" v1.7.0 plugin exhibits a generally good security posture with several strengths, including the absence of exposed REST API routes and shortcodes, and a complete absence of dangerous functions. All identified SQL queries utilize prepared statements, and a solid number of nonce and capability checks (7 each) are present, indicating a conscious effort to secure entry points. The plugin also has limited external interactions, with only one HTTP request.

However, concerns arise from the static analysis results. While there are no explicitly unprotected AJAX handlers or REST API routes, the presence of two "flows with unsanitized paths" in the taint analysis is a significant red flag, despite being classified as low severity. This suggests potential weaknesses in how file paths are handled, which could be exploited under specific circumstances. The output escaping rate of 69% is also a concern, implying that a substantial portion of user-facing output may not be adequately sanitized, potentially leading to cross-site scripting (XSS) vulnerabilities.

The vulnerability history shows one medium severity CVE, which has since been patched. While the lack of currently unpatched vulnerabilities is positive, the historical presence of a medium severity issue, coupled with the taint analysis and output escaping concerns, suggests that the plugin may not be as robust as its initial entry point analysis implies. Continued vigilance and addressing the identified taint flows and output sanitization are recommended.

Key Concerns

  • Flows with unsanitized paths detected
  • Output escaping below 90%
  • Bundled library (Guzzle) might be outdated
  • One medium severity CVE historically
Vulnerabilities: 1

WPSyncSheets For WPForms – Google Sheets Connector for WPForms & Real‑Time Data Export Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

Medium: 1

1 total CVE

CVE-2024-12164 · medium · 4.3 · Missing Authorization

WPSyncSheets Lite For WPForms – WPForms Google Spreadsheet Addon <= 1.6 - Missing Authorization to Authenticated (Subscriber+) Settings Reset

Feb 11, 2025 · Patched in 1.6.1 (1d)
Code Analysis
Analyzed Mar 16, 2026

WPSyncSheets For WPForms – Google Sheets Connector for WPForms & Real‑Time Data Export Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (2 prepared)
  • Unescaped Output: 73 (164 escaped)
  • Nonce Checks: 7
  • Capability Checks: 7
  • File Operations: 1
  • External Requests: 1
  • Bundled Libraries: 1

Bundled Libraries

Guzzle

SQL Query Safety

100% prepared · 2 total queries

Output Escaping

69% escaped · 237 total outputs

Data Flows: 2 unsanitized

Data Flow Analysis

4 flows · 2 with unsanitized paths
wpsslwp_review_notice_message (includes\class-wpsslwp-notifications.php:119)
Attack Surface

WPSyncSheets For WPForms – Google Sheets Connector for WPForms & Real‑Time Data Export Attack Surface

Entry Points: 3
Unprotected: 0

AJAX Handlers: 3

  • auth · wp_ajax_install_and_activate_plugin · includes\class-wpsslwp-plugin-settings.php:65
  • auth · wp_ajax_wpsslwp_reset_settings · includes\class-wpsslwp-service.php:93
  • auth · wp_ajax_wpsslwp_clear_sheet · includes\class-wpsslwp-service.php:94

WordPress Hooks: 17

  • action · admin_enqueue_scripts · feedback\users-feedback.php:22
  • action · admin_init · feedback\users-feedback.php:25
  • action · admin_head · feedback\users-feedback.php:28
  • action · admin_notices · includes\class-wpsslwp-dependencies.php:55
  • action · admin_init · includes\class-wpsslwp-notifications.php:35
  • action · admin_notices · includes\class-wpsslwp-notifications.php:67
  • action · admin_menu · includes\class-wpsslwp-plugin-settings.php:52
  • action · admin_enqueue_scripts · includes\class-wpsslwp-plugin-settings.php:53
  • action · admin_enqueue_scripts · includes\class-wpsslwp-plugin-settings.php:54
  • filter · plugin_row_meta · includes\class-wpsslwp-plugin-settings.php:55
  • filter · wpforms_admin_header · includes\class-wpsslwp-plugin-settings.php:59
  • filter · wpforms_admin_flyoutmenu · includes\class-wpsslwp-plugin-settings.php:60
  • action · admin_footer · includes\class-wpsslwp-plugin-settings.php:61
  • action · wpforms_builder_save_form · includes\class-wpsslwp-service.php:92
  • action · init · src\class-wpsyncsheets-wpforms.php:47
  • action · init · wpsyncsheets-lite-wpforms.php:108
  • action · admin_notices · wpsyncsheets-lite-wpforms.php:131
Maintenance & Trust

WPSyncSheets For WPForms – Google Sheets Connector for WPForms & Real‑Time Data Export Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Feb 20, 2026
  • PHP min version
  • Downloads: 76K

Community Trust

  • Rating: 100/100
  • Number of ratings: 1
  • Active installs: 300
Developer Profile

WPSyncSheets For WPForms – Google Sheets Connector for WPForms & Real‑Time Data Export Developer Profile

Creative Werk Designs

6 plugins · 2K total installs

  • Trust score: 100
  • Avg Security Score: 100/100
  • Avg Patch Time: 4 days
Detection Fingerprints

How We Detect WPSyncSheets For WPForms – Google Sheets Connector for WPForms & Real‑Time Data Export

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/wpsyncsheets-wpforms/feedback/js/admin-feedback.js
  • /wp-content/plugins/wpsyncsheets-wpforms/feedback/css/admin-feedback.css
Script Paths
  • /wp-content/plugins/wpsyncsheets-wpforms/feedback/js/admin-feedback.js
Version Parameters
  • wpsyncsheets-wpforms/feedback/js/admin-feedback.js?cs=
  • wpsyncsheets-wpforms/feedback/css/admin-feedback.css?s=

HTML / DOM Fingerprints

CSS Classes
  • wpsswp-deactivation-container
  • wpsswp-deactivation-response
  • hide-feedback-popup
HTML Comments
  • <!-- HTML for creating feedback popup form -->
  • <!-- Use this constructor to fire all actions and filters -->
  • <!-- Enqueue all scripts and styles to required page only -->
Data Attributes
  • id="wpsswp-deactivate-feedback-dialog-wrapper"
  • id="wpsswp-deactivate-feedback-dialog-header"
JS Globals
  • WPSSLWP_URL
  • WPSSLWP_VERSION
  • WPSSLWP_PLUGIN_ITEM_ID
FAQ

Frequently Asked Questions about WPSyncSheets For WPForms – Google Sheets Connector for WPForms & Real‑Time Data Export