CVE-2026-4843 — The GSheet For Woo Importer plugin for WordPress is
CVE-2026-4843 — The GSheet For Woo Importer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the process_ajax_restore_action() function in all versions up to, and including, 2.3.1. This makes it possible for authenticated attackers, with Subscriber
What This Means For You
- If your environment is affected by CWE-862, review your exposure and prioritize patching based on your environment. Monitor vendor advisories for CVE-2026-4843 updates and patches.
Related ATT&CK Techniques
🛡️ Detection Rules
2 rules · 6 SIEM formats2 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.
GSheet For Woo Importer - Unauthorized Token Deletion - CVE-2026-4843
title: GSheet For Woo Importer - Unauthorized Token Deletion - CVE-2026-4843
id: scw-2026-05-21-ai-1
status: experimental
level: medium
description: |
Detects the specific AJAX action 'gsheet_woo_importer_process_ajax_restore_action' being called via '/wp-admin/admin-ajax.php' with a 200 status code. This corresponds to the vulnerable function process_ajax_restore_action() in the GSheet For Woo Importer plugin, which can be exploited by authenticated users (Subscriber level and above) to delete the plugin's Google Sheets API token and configuration options, leading to unauthorized data loss. This rule targets the core vulnerability described in CVE-2026-4843.
author: SCW Feed Engine (AI-generated)
date: 2026-05-21
references:
- https://shimiscyberworld.com/posts/nvd-CVE-2026-4843/
tags:
- attack.impact
- attack.t1531
logsource:
category: webserver
detection:
selection:
cs-uri|contains:
- '/wp-admin/admin-ajax.php'
cs-uri-query|contains:
- 'action=gsheet_woo_importer_process_ajax_restore_action'
selection_base:
sc-status:
- 200
condition: selection AND selection_base
falsepositives:
- Legitimate administrative activity
Source: Shimi's Cyber World · License & reuse
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-4843 | vulnerability | CVE-2026-4843 |
| CWE-862 | weakness | CWE-862 |
Written by SCW Vulnerability Desk
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 21, 2026 at 23:16 UTC |
This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.
Believe this infringes your rights? Submit a takedown request.
Related coverage
LiteLLM Privilege Escalation: User Role Manipulation Grants Admin Access (CVE-2026-47102)
CVE-2026-47102 — LiteLLM prior to 1.83.10 allows a user to modify their own user_role via the /user/update endpoint. While the endpoint correctly restricts users to...
LiteLLM Privilege Escalation Via API Key Misconfiguration (CVE-2026-47101)
CVE-2026-47101 — LiteLLM prior to 1.83.14 allows an authenticated internal_user to create API keys with access to routes that their role does not permit. When...
IINA CVE-2026-47114: macOS Command Execution via Malicious URL
CVE-2026-47114 — IINA before 1.4.3 contains a user-assisted command execution vulnerability that allows remote attackers to execute arbitrary commands by supplying malicious mpv_-prefixed query parameters...