What is GHSA-mh3x-vcwp-x5rh?

GHSA-mh3x-vcwp-x5rh is a security advisory published by GitHub Security Advisories with Medium severity. The GSheet For Woo Importer plugin for WordPress is vulnerable to unauthorized loss of data due...

Which CVE IDs does GHSA-mh3x-vcwp-x5rh cover?

GHSA-mh3x-vcwp-x5rh covers the following CVE IDs: CVE-2026-4843. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-mh3x-vcwp-x5rh?

GHSA-mh3x-vcwp-x5rh has a CVSS v3 base score of 4.3, published by GitHub Security Advisories.

GHSA-mh3x-vcwp-x5rhMediumCVSS 4.3

The GSheet For Woo Importer plugin for WordPress is vulnerable to unauthorized loss of data due...

Vendor

GitHub Security Advisories

Published

May 21, 2026

Last Modified

May 21, 2026

🔗 CVE IDs covered (1)

CVE-2026-4843 →

📋 Description

The GSheet For Woo Importer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the process_ajax_restore_action() function in all versions up to, and including, 2.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete the plugin's Google Sheets API token and configuration options.

🔗 References (4)

https://nvd.nist.gov/vuln/detail/CVE-2026-4843
https://plugins.trac.wordpress.org/browser/import-products-from-gsheet-for-woo-importer/tags/2.3.1/src/Actions/AdminSettingsAction.php#L391
https://www.wordfence.com/threat-intel/vulnerabilities/id/b0d60991-0675-4efa-9427-380e6b59fe28?source=cve
https://github.com/advisories/GHSA-mh3x-vcwp-x5rh