CSV to HTML Security & Risk Analysis

wordpress.org/plugins/csv-to-html

Easily display, edit, and synchronize CSV files as dynamic HTML tables using a simple shortcode—no coding required.

300 active installs · v3.65 · PHP 8.0+ · WP 3.0.1+ · Updated Jun 23, 2025
csv · html · import · synchronize · table
96
A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Dec 11, 2024
Safety Verdict

Is CSV to HTML Safe to Use in 2026?

Generally Safe

Score 96/100

CSV to HTML has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Dec 11, 2024 · Updated 9mo ago
Risk Assessment

The "csv-to-html" plugin version 3.65 presents a mixed security posture. While it demonstrates good practices by utilizing prepared statements for SQL queries and generally implementing proper output escaping (95%), and importantly, has no currently unpatched CVEs, there are several areas of concern. The presence of a dangerous function (`unserialize`) is a significant red flag. Although the static analysis and taint flows did not reveal immediate exploitable vulnerabilities related to it, the potential for deserialization vulnerabilities is high if user-controlled input reaches this function without proper sanitization.

The plugin's vulnerability history, with two known CVEs including a past critical vulnerability, shows that severe security flaws have existed in earlier versions. The types of past vulnerabilities (XSS and unrestricted uploads) are common but can have devastating impacts. The fact that these are now patched is positive, but the historical presence of such critical issues warrants caution and vigilance.

Overall, while the immediate attack surface appears to have proper authentication checks and recent vulnerabilities are patched, the latent risk associated with `unserialize` and the plugin's history of critical vulnerabilities suggest that a higher level of scrutiny and proactive security measures are advisable. Continued monitoring for future vulnerabilities is essential.

Key Concerns

  • Presence of dangerous function: unserialize
  • Past critical vulnerability (now patched)
  • Past medium vulnerability (now patched)
  • Unescaped output (5% not properly escaped)
Vulnerabilities
2

CSV to HTML Security Vulnerabilities

CVEs by Year

2024: 2 CVEs

Severity Breakdown

Critical: 1
Medium: 1

2 total CVEs

CVE-2024-54275 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CSV to html <= 3.08 - Reflected Cross-Site Scripting

Dec 11, 2024 · Patched in 3.15 (41d)

CVE-2024-52406 · critical · 9.9 · Unrestricted Upload of File with Dangerous Type

CSV to html <= 3.26 - Authenticated (Subscriber+) Arbitrary File Upload

Nov 13, 2024 · Patched in 3.27 (69d)
Code Analysis
Analyzed Mar 16, 2026

CSV to HTML Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 9 (188 escaped)
Nonce Checks: 6
Capability Checks: 1
File Operations: 1
External Requests: 3
Bundled Libraries: 0

Dangerous Functions Found

`unserialize`: `$content_arr = unserialize( $exp_htmltime[1] );` (csvtohtml.php:3669)

Output Escaping

95% escaped · 197 total outputs
Data Flows: All sanitized

Data Flow Analysis

3 flows
dynamic_form (csvtohtml.php:1109)
Attack Surface

CSV to HTML Attack Surface

Entry Points: 7
Unprotected: 0

AJAX Handlers: 6

  • auth · wp_ajax_fetchtable · csvtohtml.php:367
  • auth · wp_ajax_getdefaults · csvtohtml.php:368
  • auth · wp_ajax_refreshform · csvtohtml.php:369
  • auth · wp_ajax_savecsvfile · csvtohtml.php:370
  • nopriv · wp_ajax_fetchtable · csvtohtml.php:373
  • nopriv · wp_ajax_getdefaults · csvtohtml.php:374

Shortcodes: 1

  • [csvtohtml_create] · csvtohtml.php:413

WordPress Hooks: 3

  • action · init · csvtohtml.php:175
  • filter · plugin_action_links · csvtohtml.php:364
  • action · admin_menu · csvtohtml.php:414
Maintenance & Trust

CSV to HTML Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jun 23, 2025
PHP min version: 8.0
Downloads: 34K

Community Trust

Rating: 100/100
Number of ratings: 22
Active installs: 300
Developer Profile

CSV to HTML Developer Profile

wibergsweb

2 plugins · 320 total installs

Trust score: 82
Avg Security Score: 91/100
Avg Patch Time: 55 days
Detection Fingerprints

How We Detect CSV to HTML

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/csv-to-html/css/editor.css
  • /wp-content/plugins/csv-to-html/css/frontend.css
  • /wp-content/plugins/csv-to-html/css/styles.css
  • /wp-content/plugins/csv-to-html/js/editor.js
  • /wp-content/plugins/csv-to-html/js/frontend.js

Script Paths
  • /wp-content/plugins/csv-to-html/js/editor.js
  • /wp-content/plugins/csv-to-html/js/frontend.js

Version Parameters
  • /wp-content/plugins/csv-to-html/css/editor.css?ver=
  • /wp-content/plugins/csv-to-html/css/frontend.css?ver=
  • /wp-content/plugins/csv-to-html/css/styles.css?ver=
  • /wp-content/plugins/csv-to-html/js/editor.js?ver=
  • /wp-content/plugins/csv-to-html/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • csv-to-html-table
  • csv-to-html-editor-container

Data Attributes
  • data-csvtohtml-id
  • data-csvtohtml-source
  • data-csvtohtml-display-type
  • data-csvtohtml-editor-enabled

JS Globals
  • csvtohtml_editor_settings
  • csvtohtml_frontend_settings

REST Endpoints
  • /wp-json/csv-to-html/v1/get-data
  • /wp-json/csv-to-html/v1/save-data

Shortcode Output
  • [csv_table
  • [csv_editor
FAQ

Frequently Asked Questions about CSV to HTML