CVE-2025-67979: Improper Control of Generation of Code ('Code Injection') in WesternDeal WPForms Google Sheet Connector
Improper Control of Generation of Code ('Code Injection') vulnerability in WesternDeal WPForms Google Sheet Connector gsheetconnector-wpforms allows Code Injection. This issue affects WPForms Google Sheet Connector: from n/a through <= 4.0.1.
AI Analysis
Technical Summary
CVE-2025-67979 is a critical security vulnerability classified as 'Improper Control of Generation of Code' or code injection in the WesternDeal WPForms Google Sheet Connector plugin (gsheetconnector-wpforms) for WordPress. This plugin facilitates integration between WPForms and Google Sheets, allowing form data to be sent directly to Google Sheets. The vulnerability exists in all versions up to and including 4.0.1. It allows an attacker with at least low-level privileges (PR:L) to inject malicious code that the plugin improperly generates or executes. The attack vector is network-based (AV:N), requiring no user interaction (UI:N), and the vulnerability affects confidentiality, integrity, and availability (C:H/I:H/A:H) of the affected systems. The scope is changed (S:C), meaning the vulnerability can affect resources beyond the initially vulnerable component. Exploitation could lead to remote code execution, data theft, data manipulation, or denial of service. Although no exploits are currently known in the wild, the high CVSS score (9.9) underscores the critical nature of this flaw. The vulnerability was reserved in December 2025 and published in February 2026. No patches or fixes are currently linked, indicating that mitigation steps must be carefully planned. The vulnerability is particularly dangerous because it allows code injection through improper handling of code generation, which is a severe security flaw in web applications.
Potential Impact
The impact of CVE-2025-67979 is severe for organizations using the WesternDeal WPForms Google Sheet Connector plugin. Successful exploitation can lead to full remote code execution on the affected WordPress server, compromising the confidentiality, integrity, and availability of the system and data. Attackers could steal sensitive form data, manipulate or delete data in Google Sheets, or use the compromised server as a foothold for further attacks within the network. This can result in data breaches, operational disruption, reputational damage, and potential regulatory penalties. Since the vulnerability requires only low privileges and no user interaction, it lowers the barrier for attackers who have limited access. The changed scope means that the impact can extend beyond the plugin itself, potentially affecting other components or systems connected to the WordPress environment. Organizations relying on this plugin for business-critical workflows involving form data and Google Sheets integration are at significant risk.
Mitigation Recommendations
1. Immediately check for updates or patches from WesternDeal for the WPForms Google Sheet Connector plugin and apply them as soon as they become available.
2. If no patch is available, consider temporarily disabling the plugin or removing it until a fix is released to prevent exploitation.
3. Restrict access to the WordPress admin panel and plugin settings to trusted users only, enforcing strong authentication and least privilege principles.
4. Monitor logs for unusual activity related to the plugin, such as unexpected code execution or abnormal network requests.
5. Implement Web Application Firewall (WAF) rules to detect and block suspicious payloads targeting the plugin endpoints.
6. Regularly back up WordPress sites and associated data, including Google Sheets, to enable recovery in case of compromise.
7. Conduct security audits and code reviews of custom integrations involving WPForms and Google Sheets to identify potential injection points.
8. Educate administrators and developers about the risks of code injection vulnerabilities and secure coding practices.
9. Consider isolating critical WordPress instances or running them in hardened environments with minimal privileges and network segmentation.
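To act on steps 1 and 2, an administrator first needs to know which sites carry the plugin in the affected range. The following Python is an added example, not code from the advisory or the vendor: it reads the plugin's WordPress header and compares the version against 4.0.1. It assumes the standard `wp-content/plugins/<slug>` layout; the function names and the sample site are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

SLUG = "gsheetconnector-wpforms"   # plugin slug named in the advisory
LAST_AFFECTED = (4, 0, 1)          # advisory: affected "through <= 4.0.1"
# WordPress plugin headers live in a comment block at the top of the main file.
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)\s*$", re.M | re.I)

def read_plugin_version(plugin_dir):
    """Return the Version header of the plugin's main PHP file, or None."""
    for php in sorted(Path(plugin_dir).glob("*.php")):
        head = php.read_text(encoding="utf-8", errors="replace")[:8192]
        fields = {k.lower(): v for k, v in HEADER.findall(head)}
        if "plugin name" in fields and "version" in fields:
            return fields["version"]
    return None

def version_key(version):
    """'4.0.1' -> (4, 0, 1); trailing zeros dropped so 4.0.1.0 == 4.0.1."""
    nums = [int(n) for n in re.findall(r"\d+", version)]
    while nums and nums[-1] == 0:
        nums.pop()
    return tuple(nums)

def audit(wp_root):
    """Classify one WordPress root against the advisory's version range."""
    plugin_dir = Path(wp_root) / "wp-content" / "plugins" / SLUG
    if not plugin_dir.is_dir():
        return "not-installed"
    version = read_plugin_version(plugin_dir)
    if version is None:
        return "unknown-version"   # treat as needing manual review
    return "affected" if version_key(version) <= LAST_AFFECTED else "not-in-range"

def build_sample_site(root, version):
    """Constructed sample: a fake site tree with a placeholder main file."""
    d = Path(root) / "wp-content" / "plugins" / SLUG
    d.mkdir(parents=True)
    (d / "main.php").write_text(
        "<?php\n/*\n * Plugin Name: Sample Connector\n * Version: %s\n */\n" % version)
    return root

if __name__ == "__main__":
    for v in ("3.9", "4.0.1", "4.0.2"):
        with tempfile.TemporaryDirectory() as tmp:
            print(v, "->", audit(build_sample_site(tmp, v)))
```

A result of `not-in-range` only means the installed version is above 4.0.1; the advisory links no patch, so confirm the vendor's fix status before relying on it.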
Affected Countries
United States, India, United Kingdom, Germany, Canada, Australia, Brazil, France, Japan, Netherlands
Technical Details
- Data Version: 5.2
- Assigner Short Name: Patchstack
- Date Reserved: 2025-12-15T10:00:33.669Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 6998c9eabe58cf853bab8344
Added to database: 2/20/2026, 8:54:02 PM
Last enriched: 4/3/2026, 5:27:26 AM
Last updated: 4/7/2026, 1:39:27 PM