Does Embed Spreadsheet Viewer have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Embed Spreadsheet Viewer compatible with WordPress 6.8.5?

According to WordPress.org data, Embed Spreadsheet Viewer 1.0 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

How often is Embed Spreadsheet Viewer updated?

Embed Spreadsheet Viewer was last updated on May 12, 2025. Frequent updates are generally a positive security signal.

What is Embed Spreadsheet Viewer's security score?

Embed Spreadsheet Viewer has a WP-Safety security score of 92/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Embed Spreadsheet Viewer Security & Risk Analysis

wordpress.org/plugins/embed-spreadsheet-viewer

Embed spreadsheet tables from public Excel URLs into your WordPress site with sorting, filtering, pagination, and custom formatting.

10 active installs v1.0 PHP + WP 5.5+ Updated May 12, 2025

embedexcelspreadsheettableviewer

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Embed Spreadsheet Viewer Safe to Use in 2026?

Generally Safe

Score 92/100

Embed Spreadsheet Viewer has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago

Risk Assessment

The "embed-spreadsheet-viewer" v1.0 plugin demonstrates several positive security practices, including the exclusive use of prepared statements for SQL queries and proper output escaping across all identified outputs. The absence of known vulnerabilities in its history is also a good sign. However, the analysis reveals a notable concern regarding its attack surface. With 4 total entry points, 2 of which are AJAX handlers that lack authentication checks, the plugin presents an unnecessary risk. Furthermore, a taint analysis identified one flow with unsanitized paths, which, while not classified as critical or high severity in this report, warrants attention as it could potentially lead to security issues if exploited. The presence of file operations and external HTTP requests, though seemingly managed, adds to the complexity and potential for future vulnerabilities if not carefully maintained. Overall, while the core data handling appears secure, the unprotected entry points and the unsanitized path flow represent the most immediate areas of concern.

Key Concerns

AJAX handlers without authentication
Flow with unsanitized paths

Vulnerabilities

None known

Embed Spreadsheet Viewer Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Embed Spreadsheet Viewer Release Timeline

v1.0Current

Code Analysis

Analyzed Mar 17, 2026

Embed Spreadsheet Viewer Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

108 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared2 total queries

Output Escaping

100% escaped108 total outputs

Data Flows · Security

1 unsanitized

Data Flow Analysis

1 flows1 with unsanitized paths

<ajax-preview> (includes\ajax-preview.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

2 unprotected

Embed Spreadsheet Viewer Attack Surface

Entry Points4

Unprotected2

AJAX Handlers 3

authwp_ajax_esv_preview_spreadsheetincludes\ajax-preview.php:7

authwp_ajax_esv_retry_flattenincludes\ajax-preview.php:117

noprivwp_ajax_esv_retry_flattenincludes\ajax-preview.php:152

Shortcodes 1

[spreadsheet] includes\spreadsheet-shortcode.php:4

WordPress Hooks 15

actionadmin_enqueue_scriptsembed-spreadsheet-viewer.php:36

actionwp_enqueue_scriptsembed-spreadsheet-viewer.php:37

actionadmin_enqueue_scriptsembed-spreadsheet-viewer.php:40

actionwp_enqueue_scriptsembed-spreadsheet-viewer.php:62

actionadmin_noticesembed-spreadsheet-viewer.php:67

actionadmin_menuincludes\admin-menu.php:8

actionadmin_enqueue_scriptsincludes\admin-menu.php:11

actionesv_wp_ajax_process_excel_valuesincludes\admin-menu.php:66

actionadd_meta_boxesincludes\spreadsheet-meta-boxes.php:5

actionsave_post_esv_spreadsheetincludes\spreadsheet-meta-boxes.php:226

actioninitincludes\spreadsheet-post-type.php:26

filtermanage_esv_spreadsheet_posts_columnsincludes\spreadsheet-post-type.php:37

actionmanage_esv_spreadsheet_posts_custom_columnincludes\spreadsheet-post-type.php:61

actionesv_after_spreadsheet_saveincludes\spreadsheet-values-extractor.php:225

actionbefore_delete_postincludes\spreadsheet-values-extractor.php:231

Maintenance & Trust

Embed Spreadsheet Viewer Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedMay 12, 2025

PHP min version

Downloads508

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Embed Spreadsheet Viewer Alternatives

TablePress – Tables in WordPress made easy

tablepress

Embed beautiful, accessible, and interactive tables into your WordPress website’s posts and pages, without having to write code!

700K 9 CVEs

Smart Table Builder

smart-table-builder

Create beautiful, responsive HTML tables from scratch or convert Excel and CSV files into WordPress tables effortlessly.

100 1 CVE

ExcelTable for Elementor

excel-to-elementor

100

An Elementor widget to display an Excel spreadsheet file.

50 No CVEs

SheetFusion – Sync Google Sheets Into Tables. No Row Limits, No API Keys.

sheetfusion

100

Display any public Google Sheet as an interactive, sortable, searchable table — no API key required. Zero setup.

0 No CVEs

SheetMirror for Google Sheets

sheetmirror-for-google-sheets

100

Mirror your Google Sheets spreadsheet directly into any post or page as a fully formatted HTML table - colours, borders, fonts, merged cells and more.

0 No CVEs

Developer Profile

Embed Spreadsheet Viewer Developer Profile

Matt Ellenburg

1 plugin · 10 total installs

trust score

Avg Security Score

92/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Embed Spreadsheet Viewer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/embed-spreadsheet-viewer/assets/shared/js/esv-shared.js/wp-content/plugins/embed-spreadsheet-viewer/assets/admin/js/admin-scripts.js/wp-content/plugins/embed-spreadsheet-viewer/assets/admin/js/spreadsheet-values-extractor.js/wp-content/plugins/embed-spreadsheet-viewer/assets/frontend/css/frontend-styles.css/wp-content/plugins/embed-spreadsheet-viewer/assets/frontend/js/frontend-scripts.js/wp-content/plugins/embed-spreadsheet-viewer/assets/admin/css/admin-styles.css

Script Paths

assets/shared/js/esv-shared.jsassets/admin/js/admin-scripts.jsassets/admin/js/spreadsheet-values-extractor.jsassets/frontend/js/frontend-scripts.js

Version Parameters

embed-spreadsheet-viewer/assets/shared/js/esv-shared.js?ver=embed-spreadsheet-viewer/assets/admin/js/admin-scripts.js?ver=embed-spreadsheet-viewer/assets/admin/js/spreadsheet-values-extractor.js?ver=embed-spreadsheet-viewer/assets/frontend/css/frontend-styles.css?ver=embed-spreadsheet-viewer/assets/frontend/js/frontend-scripts.js?ver=embed-spreadsheet-viewer/assets/admin/css/admin-styles.css?ver=

HTML / DOM Fingerprints

JS Globals

esv_sharedEmbedSpreadsheetViewerDataesv_admin

REST Endpoints

/wp-json/esv/v1/process-excel-values

Shortcode Output

[spreadsheet id="" max-rows="0"]

FAQ