CVE-2025-7697 – Google Sheets Integration for WordPress PHP Object Injection Vulnerability

July 19, 2025

CVE ID : CVE-2025-7697

Published : July 19, 2025, 5:15 a.m. | 18 hours, 29 minutes ago

Description : The Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.1 via deserialization of untrusted input within the verify_field_val() function. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain in the Contact Form 7 plugin, which is likely to be used alongside, allows attackers to delete arbitrary files, leading to a denial of service or remote code execution when the wp-config.php file is deleted.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2012-10019 – WordPress Front End Editor Arbitrary File Upload Vulnerability

Next Article CVE-2025-7696 – Pipedrive WordPress Plugin PHP Object Injection Vulnerability

Highlights

CVE-2025-43844 – Apache Retrieval-Based Voice Conversion WebUI Command Injection Vulnerability

May 5, 2025

CVE ID : CVE-2025-43844

Published : May 5, 2025, 6:15 p.m. | 36 minutes ago

Description : Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to command injection. The variables exp_dir1, among others, take user input and pass it to the click_train function, which concatenates them into a command that is run on the server. This can lead to arbitrary command execution. As of time of publication, no known patches exist.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

In-House vs. Outsource Node.js Development Teams: 9 Key Differences for the C-Suite (2025)

Why Non-Native Content Designers Improve Global UX

DevOps won’t scale without platform engineering and here’s why your teams are still stuck

This week in AI dev tools: Slack’s enterprise search, Claude Code’s analytics dashboard, and more (July 18, 2025)

I ditched my Bluetooth speakers for this slick turntable – and it’s more practical than I thought

This split keyboard offers deep customization – if you’re willing to go all in

I spoke with an AI version of myself, thanks to Hume’s free tool – how to try it

I took a walk with Meta’s new Oakley smart glasses – they beat my Ray-Bans in every way

The details of TC39’s last meeting

The details of TC39’s last meeting

Simple wrapper for Chrome’s built-in local LLM (Gemini Nano)

Online Examination System using PHP and MySQL

Top 7 Computer Performance Test Tools Online (Free & Fast)

Top 7 Computer Performance Test Tools Online (Free & Fast)

10 Best Windows 11 Encryption Software

Google Chrome Is Testing Dynamic Country Detection for Region-Specific Features

CVE-2025-7697 – Google Sheets Integration for WordPress PHP Object Injection Vulnerability

Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads

CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises

Rejoice: Overwatch 2’s popular 6v6 mode is here to stay — at least during Season 16

Junaid Akram receive a negative impact after posting recent video

Microsoft Credits EncryptHub, Hacker Behind 618+ Breaches, for Disclosing Windows Flaws

CVE-2025-36027 – IBM Datacap Clickjacking Vulnerability

CVE-2025-43844 – Apache Retrieval-Based Voice Conversion WebUI Command Injection Vulnerability

CVE-2025-6415 – PHPGurukul Art Gallery Management System SQL Injection Vulnerability

Why Synology’s new NAS drive support policy isn’t as bad as I first thought

CVE-2025-5327 – “Chshcms MCCMS Gf.php Server-Side Request Forgery Vulnerability”

CVE-2025-7697 – Google Sheets Integration for WordPress PHP Object Injection Vulnerability

Related Posts