What the vulnerability does
01Description
Cross-Site Request Forgery (CSRF) vulnerability in WesternDeal WooCommerce Google Sheet Connector wc-gsheetconnector allows Cross Site Request Forgery.This issue affects WooCommerce Google Sheet Connector: from n/a through <= 1.3.20.
Explanation of Vulnerability in Simple Terms
02Summary
The WooCommerce Google Sheet Connector plugin contains a cross-site request forgery (CSRF) vulnerability that allows attackers to perform unauthorized actions on behalf of site administrators. An attacker can craft a malicious link or page that, when visited by an admin, triggers unwanted changes to plugin settings or data. The vulnerability affects versions 1.3.20 and earlier. Site owners should update to a version newer than 1.3.20 as soon as available.
What an attacker can do
03Attacker Capabilities
Trick an admin into visiting a malicious page to perform unauthorized actions on the site.
Potential impact on your site
04Site Impact
Plugin settings or connected Google Sheet data could be modified without your knowledge or consent.
Conditions required to exploit
05Prerequisites
Admin must visit attacker-controlled page or click a malicious link while logged in.
Key dates
06Disclosure timeline
July 16, 2025
CVE published
April 28, 2026
Record updated