Does Import Excel have any unpatched vulnerabilities?

No. All known vulnerabilities in Import Excel have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Import Excel compatible with WordPress 4.6.30?

According to WordPress.org data, Import Excel 1.0 has been tested up to WordPress 4.6.30. Check the plugin's changelog for the latest compatibility information.

How often is Import Excel updated?

Import Excel was last updated on Aug 15, 2016. Frequent updates are generally a positive security signal.

What is Import Excel's security score?

Import Excel has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Import Excel Security & Risk Analysis

wordpress.org/plugins/import-excel

Plugin for import tables (xlsx) in site database

10 active installs v1.0 PHP + WP 3.0+ Updated Aug 15, 2016

excelimporttablexlsx

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Import Excel Safe to Use in 2026?

Generally Safe

Score 85/100

Import Excel has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9yr ago

Risk Assessment

The 'import-excel' plugin v1.0 exhibits a mixed security posture. On the positive side, it demonstrates a lack of publicly disclosed vulnerabilities, a good number of nonce and capability checks, and no external HTTP requests, suggesting a generally careful development approach regarding common attack vectors. However, the static analysis reveals significant concerns, particularly the presence of the 'unserialize' function, which is inherently dangerous if used with untrusted input. Furthermore, a substantial portion of SQL queries are not prepared, increasing the risk of SQL injection. The taint analysis highlights four high-severity flows with unsanitized paths, indicating potential vulnerabilities where data could be manipulated by attackers to execute unintended code or access sensitive information. The absence of known CVEs is reassuring, but the internal code signals, especially concerning 'unserialize' and SQL practices, warrant a cautious approach.

Key Concerns

Presence of dangerous function (unserialize)
High percentage of SQL queries not using prepared statements
High severity taint flows with unsanitized paths
Lower percentage of properly escaped output

Vulnerabilities

None known

Import Excel Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Import Excel Code Analysis

Dangerous Functions

Raw SQL Queries

1 prepared

Unescaped Output

15 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$price_excel_data_new = unserialize($price_excel_str);functions.php:11

unserialize$price_excel_data_new = unserialize($price_excel_str);functions.php:39

unserialize$price_excel_data_new = unserialize($price_excel_str);functions.php:66

unserialize$price_excel_data_update = unserialize($price_excel_str);functions.php:177

unserialize$price_excel_data_new = unserialize($price_excel_str);functions.php:366

SQL Query Safety

13% prepared8 total queries

Output Escaping

54% escaped28 total outputs

Data Flows

5 unsanitized

Data Flow Analysis

9 flows5 with unsanitized paths

price_excel_add (functions.php:340)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Import Excel Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 4

actionadmin_menuimport_excel.php:18

actionadmin_menuimport_excel.php:19

actionadmin_initimport_excel.php:20

actionadmin_enqueue_scriptsimport_excel.php:21

Maintenance & Trust

Import Excel Maintenance & Trust

Maintenance Signals

WordPress version tested4.6.30

Last updatedAug 15, 2016

PHP min version

Downloads3K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Import Excel Alternatives

TablePress – Tables in WordPress made easy

tablepress

Embed beautiful, accessible, and interactive tables into your WordPress website’s posts and pages, without having to write code!

700K 9 CVEs

CSV Importer

csv-importer

100

Import posts from CSV files into WordPress.

4K 1 CVE

Product Excel Import & Export for WooCommerce

woo-product-excel-importer

100

WordPress Plugin to Import Products and Export Products for Woocommerce in Bulk with Excel.

2K No CVEs

Import Content in WordPress & WooCommerce with Excel

content-excel-importer

Import Posts, Pages, Simple Products for WooCommerce & Wordpress with Excel. Migrate Easily. No more CSV Hassle

600 1 CVE

Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light

excel-like-price-change-for-woocommerce-and-wp-e-commerce-light

Spreadsheet Price Changer for WooCommerce and WP E-commerce - Light

500 5 unpatched

Developer Profile

Import Excel Developer Profile

gans5131

1 plugin · 10 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Import Excel

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/import-excel/style.css/wp-content/plugins/import-excel/script.js

Script Paths

/wp-content/plugins/import-excel/script.js

Version Parameters

import-excel/style.css?ver=import-excel/script.js?ver=

HTML / DOM Fingerprints

CSS Classes

price_excel_validprice_excel_novalid

FAQ