Title: Plugin vulnerable to PHP Object Injection
Last modified: October 15, 2025

---

# Plugin vulnerable to PHP Object Injection

 *  [joevil1984](https://wordpress.org/support/users/joevil1984/)
 * (@joevil1984)
 * [7 months, 3 weeks ago](https://wordpress.org/support/topic/plugin-vulnerable-to-php-object-injection/)
 * Hi,
 * I wanted to bring to your attention that a PHP Object Injection vulnerability
   has been reported for your plugin **“Connector for Gravity Forms and Google Sheets”**.
 * **Details:**
    - **Vulnerability Type:** PHP Object Injection
    - **Detected On:** August 8, 2025
    - **Affected Versions:** ≤ 1.2.5
    - **Current Status:** No fix or update package available
 * This issue was flagged by a website security scanner, which recommends addressing
   the vulnerability as soon as possible to prevent potential exploitation.
 * Could you please confirm if there’s an upcoming patch or workaround available
   to mitigate this risk?
 * Thank you for your attention to this matter.
 * Best regards,
   Joevil**Patchstack Report Reference:**
 * >     ```wp-block-code
   >     https://patchstack.com/database/wordpress/plugin/wp-gravity-forms-spreadsheets/vulnerability/wordpress-connector-for-gravity-forms-and-google-sheets-plugin-1-2-5-php-object-injection-vulnerability
   >     ```
   > 
    -  This topic was modified 7 months, 3 weeks ago by [joevil1984](https://wordpress.org/support/users/joevil1984/).
    -  This topic was modified 7 months, 3 weeks ago by [Yui](https://wordpress.org/support/users/fierevere/).

Viewing 2 replies - 1 through 2 (of 2 total)

 *  [CRM Perks Support](https://wordpress.org/support/users/crmperkshelp/)
 * (@crmperkshelp)
 * [7 months, 3 weeks ago](https://wordpress.org/support/topic/plugin-vulnerable-to-php-object-injection/#post-18682572)
 * we have fixed it about 2 months ago , we have many plugins for Gravity forms ,
   code is same in all , you can verify it
 * patchstack reported same vulnerablity in all plugins , marked it as fixed in 
   other plugins but did not mark this plugin fixed
 * can you please confirm this to patchstack , ask them for POC
 *  Thread Starter [joevil1984](https://wordpress.org/support/users/joevil1984/)
 * (@joevil1984)
 * [7 months, 3 weeks ago](https://wordpress.org/support/topic/plugin-vulnerable-to-php-object-injection/#post-18682862)
 * Thank you for the update. I can confirm that the issue has been resolved on our
   end.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Plugin vulnerable to PHP Object Injection’ is closed to new replies.

 * ![](https://ps.w.org/wp-gravity-forms-spreadsheets/assets/icon-256x256.png?rev
   =2626463)
 * [Connector for Gravity Forms and Google Sheets](https://wordpress.org/plugins/wp-gravity-forms-spreadsheets/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/wp-gravity-forms-spreadsheets/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/wp-gravity-forms-spreadsheets/)
 * [Active Topics](https://wordpress.org/support/plugin/wp-gravity-forms-spreadsheets/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/wp-gravity-forms-spreadsheets/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/wp-gravity-forms-spreadsheets/reviews/)

 * 3 replies
 * 2 participants
 * Last reply from: [joevil1984](https://wordpress.org/support/users/joevil1984/)
 * Last activity: [7 months, 3 weeks ago](https://wordpress.org/support/topic/plugin-vulnerable-to-php-object-injection/#post-18682862)