Does CustomTables – Create, Read, Update, and Delete have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is CustomTables – Create, Read, Update, and Delete compatible with WordPress 6.9.4?

According to WordPress.org data, CustomTables – Create, Read, Update, and Delete 1.7.3 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is CustomTables – Create, Read, Update, and Delete compatible with PHP 7.4.0+?

CustomTables – Create, Read, Update, and Delete requires PHP 7.4.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is CustomTables – Create, Read, Update, and Delete updated?

CustomTables – Create, Read, Update, and Delete was last updated on Mar 25, 2026. Frequent updates are generally a positive security signal.

What is CustomTables – Create, Read, Update, and Delete's security score?

CustomTables – Create, Read, Update, and Delete has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

CustomTables – Create, Read, Update, and Delete Security & Risk Analysis

wordpress.org/plugins/customtables

The Custom Tables plugin allows you to create and manage custom database tables, display catalogs, forms, and tables using Twig templating language.

40 active installs v1.7.3 PHP 7.4.0+ WP 6.0+ Updated Mar 25, 2026

catalogcustom-database-tablescustom-tablesdatabaseforms

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is CustomTables – Create, Read, Update, and Delete Safe to Use in 2026?

Generally Safe

Score 100/100

CustomTables – Create, Read, Update, and Delete has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The "customtables" plugin v1.7.1 exhibits a mixed security posture. On the positive side, it has no recorded vulnerabilities (CVEs) and a good rate of using prepared statements for SQL queries (80%). The plugin also has a healthy number of nonce and capability checks, indicating an awareness of WordPress security best practices. However, there are significant areas of concern. A notable risk is the presence of one unprotected AJAX handler, which represents a direct entry point for potential attacks. Furthermore, all analyzed taint flows (8 out of 8) involved unsanitized paths, although they did not reach a critical or high severity level according to the analysis. The output escaping rate of 65% is also a weakness, leaving a substantial portion of outputs potentially vulnerable to cross-site scripting (XSS) if malicious data is introduced.

Key Concerns

Unprotected AJAX handler
Taint flows with unsanitized paths
Insufficient output escaping

Vulnerabilities

None known

CustomTables – Create, Read, Update, and Delete Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

CustomTables – Create, Read, Update, and Delete Release Timeline

v1.7.3Current

v1.7.2

v1.7.1

v1.6.6

v1.6.5

v1.6.4

v1.6.3

v1.6.2

v1.5.9

v1.5.8

v1.5.7

v1.5.6

v1.5.5

v1.5.4

v1.5.3

v1.5.2

v1.5.1

v1.5.0

v1.4.9

v1.4.8

Code Analysis

Analyzed Mar 16, 2026

CustomTables – Create, Read, Update, and Delete Code Analysis

Dangerous Functions

Raw SQL Queries

4 prepared

Unescaped Output

119

219 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

80% prepared5 total queries

Output Escaping

65% escaped338 total outputs

Data Flows · Security

8 unsanitized

Data Flow Analysis

8 flows8 with unsanitized paths

handle_field_actions_edit (inc\admin\class-admin-field-list.php:601)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

CustomTables – Create, Read, Update, and Delete Attack Surface

Entry Points2

Unprotected1

AJAX Handlers 1

authwp_ajax_nds_form_responseinc\core\class-init.php:104

Shortcodes 1

[customtables] CustomTables.php:288

WordPress Hooks 14

actionadmin_enqueue_scriptsCustomTables.php:131

actioninitCustomTables.php:158

actionadmin_initCustomTables.php:160

actionwp_enqueue_scriptsCustomTables.php:247

actionwpCustomTables.php:270

actionadmin_enqueue_scriptsinc\admin\class-admin-layout-edit.php:53

actioninitinc\admin\class-admin.php:72

actionplugins_loadedinc\core\class-init.php:79

actionadmin_enqueue_scriptsinc\core\class-init.php:94

actionadmin_enqueue_scriptsinc\core\class-init.php:95

actionadmin_menuinc\core\class-init.php:98

actionadmin_post_nds_form_responseinc\core\class-init.php:101

actionwp_enqueue_scriptsinc\core\class-init.php:136

actionwp_enqueue_scriptsinc\core\class-init.php:137

Maintenance & Trust

CustomTables – Create, Read, Update, and Delete Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 25, 2026

PHP min version7.4.0

Downloads5K

Community Trust

Rating100/100

Number of ratings4

Active installs40

Alternatives

CustomTables – Create, Read, Update, and Delete Alternatives

Database for Contact Form 7, WPforms, Elementor forms

contact-form-entries

Saves Contact Form 7, WPforms,Elementor Forms, CRM Perks Forms and many other contact form submissions to database.

70K 14 CVEs

Views for WPForms – Display & Edit WPForms Entries on your site frontend

views-for-wpforms-lite

Display and Edit WPForms Entries Directly on Your Website with No Coding Knowledge Needed.

1K 5 CVEs

Old Tracking DB for cformsII

cforms2-old-tracking-db

Beginning with version 15 cformsII does not have built-in Tracking Database support anymore. However it allows for arbitrary plugins to process the va …

40 No CVEs

EntryDashboard – Database Addon & Sync for WPForms, CF7, Elementor & More

entries-manager

100

Saves, manages, and sync all form submissions to your WordPress database. The most powerful Database Addon for WPForms, Contact Form 7, and Elementor …

40 No CVEs

FortressDB

fortressdb

High-speed, secure database plugin for WordPress form data

40 No CVEs

Developer Profile

CustomTables – Create, Read, Update, and Delete Developer Profile

Ivan Komlev

1 plugin · 40 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect CustomTables – Create, Read, Update, and Delete

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/customtables/libraries/customtables/media/css/modal.css/wp-content/plugins/customtables/libraries/customtables/media/css/layouteditor.css/wp-content/plugins/customtables/libraries/customtables/media/js/layoutwizard.js/wp-content/plugins/customtables/libraries/customtables/media/js/layouteditor.js/wp-content/plugins/customtables/libraries/customtables/media/js/edit.js

Script Paths

/wp-content/plugins/customtables/libraries/customtables/media/js/layoutwizard.js/wp-content/plugins/customtables/libraries/customtables/media/js/layouteditor.js/wp-content/plugins/customtables/libraries/customtables/media/js/edit.js

Version Parameters

customtables/media/css/modal.css?ver=1.7.1customtables/media/css/layouteditor.css?ver=1.7.1customtables/media/js/layoutwizard.js?ver=1.7.1customtables/media/js/layouteditor.js?ver=1.7.1customtables/media/js/edit.js?ver=1.7.1

HTML / DOM Fingerprints

Data Attributes

data-customtables-keydata-customtables-id

JS Globals

CustomTablesEditCTEditHelper

REST Endpoints

/wp-json/customtables/v1/tablejoin

FAQ

CustomTables – Create, Read, Update, and Delete Security & Risk Analysis

Is CustomTables – Create, Read, Update, and Delete Safe to Use in 2026?

Generally Safe

Key Concerns

CustomTables – Create, Read, Update, and Delete Security Vulnerabilities

CustomTables – Create, Read, Update, and Delete Release Timeline

CustomTables – Create, Read, Update, and Delete Code Analysis

SQL Query Safety

Output Escaping

Data Flow Analysis

CustomTables – Create, Read, Update, and Delete Attack Surface

AJAX Handlers 1

Shortcodes 1

CustomTables – Create, Read, Update, and Delete Maintenance & Trust

Maintenance Signals

Community Trust

CustomTables – Create, Read, Update, and Delete Alternatives

Database for Contact Form 7, WPforms, Elementor forms

Views for WPForms – Display & Edit WPForms Entries on your site frontend

Old Tracking DB for cformsII

EntryDashboard – Database Addon & Sync for WPForms, CF7, Elementor & More

FortressDB

CustomTables – Create, Read, Update, and Delete Developer Profile

How We Detect CustomTables – Create, Read, Update, and Delete

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about CustomTables – Create, Read, Update, and Delete