Does Export to Excel have any unpatched vulnerabilities?

No. All known vulnerabilities in Export to Excel have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Export to Excel compatible with WordPress 3.9.40?

According to WordPress.org data, Export to Excel 1.0 has been tested up to WordPress 3.9.40. Check the plugin's changelog for the latest compatibility information.

How often is Export to Excel updated?

Export to Excel was last updated on Jun 11, 2014. Frequent updates are generally a positive security signal.

What is Export to Excel's security score?

Export to Excel has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Export to Excel Security & Risk Analysis

wordpress.org/plugins/export-2-excel

A plugin which allows you to download your posts, pages, custom post types, comments authors to .xls or .xlsx format.

200 active installs v1.0 PHP + WP 3.0+ Updated Jun 11, 2014

excelexportspreadsheetxlsxlsx

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Export to Excel Safe to Use in 2026?

Generally Safe

Score 85/100

Export to Excel has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11yr ago

Risk Assessment

The "export-2-excel" plugin v1.0 exhibits a concerning security posture primarily due to its inadequate output escaping and the presence of a raw SQL query. While the plugin boasts zero AJAX handlers, REST API routes, shortcodes, and cron events, suggesting a minimal attack surface, this is overshadowed by the internal code quality issues. The static analysis revealed a significant lack of proper output escaping (only 6% properly escaped) and one instance of a SQL query not using prepared statements, both of which can lead to serious vulnerabilities like Cross-Site Scripting (XSS) and SQL Injection, respectively. The taint analysis also highlighted a flow with unsanitized paths, which could potentially be exploited if an entry point existed. The absence of any recorded vulnerabilities in its history might lead to a false sense of security; it could simply mean the plugin hasn't been targeted or thoroughly audited for these specific weaknesses yet. Therefore, while the plugin has a small attack surface and a clean vulnerability history, the identified code quality issues present real and significant risks.

Key Concerns

SQL queries not using prepared statements
Low percentage of properly escaped output
Flows with unsanitized paths

Vulnerabilities

None known

Export to Excel Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Export to Excel Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

1 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

0% prepared1 total queries

Output Escaping

6% escaped16 total outputs

Data Flows

1 unsanitized

Data Flow Analysis

2 flows1 with unsanitized paths

<excel_download> (includes\excel_download.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Export to Excel Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 3

actionadmin_menuexport-2-excel.php:23

actionnetwork_admin_menuexport-2-excel.php:24

filterplugin_action_linksexport-2-excel.php:57

Maintenance & Trust

Export to Excel Maintenance & Trust

Maintenance Signals

WordPress version tested3.9.40

Last updatedJun 11, 2014

PHP min version

Downloads29K

Community Trust

Rating48/100

Number of ratings21

Active installs200

Alternatives

Export to Excel Alternatives

Import Spreadsheets from Microsoft Excel

import-spreadsheets-from-microsoft-excel

Import live, calculating spreadsheets from Microsoft Excel to WordPress. The uploaded online spreadsheet is live, and looks and feels like in Excel.

600 2 CVEs

Timely CSV XLS exporter

timely-csv-xls-exporter

Export standard and custom post type to csv or excell format. You can export right away or send an scheduled e-mail with attachment.

30 No CVEs

Import Excel

import-excel

Plugin for import tables (xlsx) in site database

10 No CVEs

TablePress – Tables in WordPress made easy

tablepress

Embed beautiful, accessible, and interactive tables into your WordPress website’s posts and pages, without having to write code!

700K 9 CVEs

GravityExport Lite for Gravity Forms

gf-entries-in-excel

100

Export all Gravity Forms entries to Excel (.xlsx) or CSV via a download button or a secret shareable URL.

10K No CVEs

Developer Profile

Export to Excel Developer Profile

Kapil Chugh

3 plugins · 1K total installs

trust score

Avg Security Score

78/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Export to Excel

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/export-2-excel/e2e_style.css

Script Paths

/wp-content/plugins/export-2-excel/e2e_common.js

Version Parameters

export-2-excel/e2e_style.css?ver=1.0e2e_common.js?ver=1.0

HTML / DOM Fingerprints

Shortcode Output

<table><tr><td colspan=<th>Name</th><th>Description</th>

FAQ