167 matches found
CVE-2026-4843
The GSheet For Woo Importer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the processajaxrestoreaction function in all versions up to, and including, 2.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and...
CVE-2026-4843
The GSheet For Woo Importer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the processajaxrestoreaction function in all versions up to, and including, 2.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and...
EUVD-2026-31333
The GSheet For Woo Importer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the processajaxrestoreaction function in all versions up to, and including, 2.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and...
CVE-2026-4843
The CVE-2026-4843 entry concerns the WordPress plugin “GSheet For Woo Importer.” All versions up to 2.3.1 are affected by a missing capability check in process_ajax_restore_action(), enabling authenticated users with Subscriber-level access or higher to delete the plugin’s Google Sheets API token...
CVE-2026-4843 GSheet For Woo Importer <= 2.3.1 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Reset
The GSheet For Woo Importer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the processajaxrestoreaction function in all versions up to, and including, 2.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and...
PT-2026-42533
The GSheet For Woo Importer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the process ajax restore action function in all versions up to, and including, 2.3.1. This makes it possible for authenticated attackers, with Subscriber-level access a...
WordPress plugin GSheet For Woo Importer 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
Pakistan-Linked APT36 Floods Indian Govt Networks With AI-Made ‘Vibeware’
Bitdefender research reveals Pakistani group APT36 is using AI-generated vibeware and trusted cloud services like Google Sheets to target Indian officials...
Google Disrupts UNC2814 GRIDTIDE Campaign After 53 Breaches Across 42 Countries
Google on Wednesday disclosed that it worked with industry partners to disrupt the infrastructure of a suspected China-nexus cyber espionage group tracked as UNC2814 that breached at least 53 organizations across 42 countries. "This prolific, elusive actor has a long history of targeting...
CVE-2025-68834
Missing Authorization vulnerability in Saiful Islam Sync Master Sheet – Product Sync with Google Sheet for WooCommerce product-sync-master-sheet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sync Master Sheet – Product Sync with Google Sheet for...
WordPress plugin WPForms Google Sheet Connector 代码注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
Experts Detect Pakistan-Linked Cyber Campaigns Aimed at Indian Government Entities
Indian government entities have been targeted in two campaigns undertaken by a threat actor that operates in Pakistan using previously undocumented tradecraft. The campaigns have been codenamed Gopher Strike and Sheet Attack by Zscaler ThreatLabz, which identified them in September 2025. "While...
CVE-2025-65098
Typebot is an open-source chatbot builder. In versions prior to 3.13.2, client-side script execution in Typebot allows stealing all stored credentials from any user. When a victim previews a malicious typebot by clicking "Run", JavaScript executes in their browser and exfiltrates their OpenAI key...
Typebot affected by Credential Theft via Client-Side Script Execution and API Authorization Bypass
Summary Client-side script execution in Typebot allows stealing all stored credentials from any user. When a victim previews a malicious typebot by clicking "Run", JavaScript executes in their browser and exfiltrates their OpenAI keys, Google Sheets tokens, and SMTP passwords. The...
CVE-2025-65098
Typebot is an open-source chatbot builder. In versions prior to 3.13.2, client-side script execution in Typebot allows stealing all stored credentials from any user. When a victim previews a malicious typebot by clicking "Run", JavaScript executes in their browser and exfiltrates their OpenAI key...
CVE-2025-65098
Typebot is an open-source chatbot builder. In versions prior to 3.13.2, client-side script execution in Typebot allows stealing all stored credentials from any user. When a victim previews a malicious typebot by clicking "Run", JavaScript executes in their browser and exfiltrates their OpenAI key...
CVE-2025-65098 Typebot Vulnerable to Credential Theft via Client-Side Script Execution and API Authorization Bypass
Typebot is an open-source chatbot builder. In versions prior to 3.13.2, client-side script execution in Typebot allows stealing all stored credentials from any user. When a victim previews a malicious typebot by clicking "Run", JavaScript executes in their browser and exfiltrates their OpenAI key...
CVE-2025-65098 Typebot Vulnerable to Credential Theft via Client-Side Script Execution and API Authorization Bypass
Typebot is an open-source chatbot builder. In versions prior to 3.13.2, client-side script execution in Typebot allows stealing all stored credentials from any user. When a victim previews a malicious typebot by clicking "Run", JavaScript executes in their browser and exfiltrates their OpenAI key...
CVE-2025-65098
CVE-2025-65098 affects Typebot (open-source chatbot builder) in versions before 3.13.2. A client-side script executed when a victim previews a malicious typebot can exfiltrate stored credentials (e.g., OpenAI keys, Google Sheets tokens, SMTP passwords) via the API endpoint /api/trpc/credentials.g...
PT-2026-3944
Name of the Vulnerable Software and Affected Versions Typebot versions prior to 3.13.2 Description Typebot, an open-source chatbot builder, has a flaw where client-side script execution can lead to the theft of stored credentials from any user. When a victim previews a malicious typebot by clicki...