Post to CSV by BestWebSoft Security & Risk Analysis

wordpress.org/plugins/post-to-csv

Export WordPress posts to CSV file format easily. Configure data order.

200 active installs · v1.4.2 · PHP + · WP 5.6+ · Updated Jun 10, 2025
Tags: add-post-to-csv, csv, csv-file, export-fields, export-page
Score 98 · A · Safe
CVEs total: 3
Unpatched: 0
Last CVE: Jun 28, 2023
Safety Verdict

Is Post to CSV by BestWebSoft Safe to Use in 2026?

Generally Safe

Score 98/100

Post to CSV by BestWebSoft has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Jun 28, 2023 · Updated 9mo ago
Risk Assessment

The post-to-csv plugin version 1.4.2 exhibits a generally strong security posture based on the provided static analysis. The lack of unprotected entry points and the high percentage of prepared statements for SQL queries are positive indicators. The extensive use of nonce and capability checks further bolsters its defenses against common attack vectors. However, the plugin's vulnerability history, with three documented CVEs including a high-severity one, raises significant concerns about past security oversights and the potential for recurring issues.

The historical prevalence of 'Improper Neutralization of Formula Elements in a CSV File' and 'Cross-site Scripting' vulnerabilities, even though currently patched, suggests underlying weaknesses in how user-supplied data is handled when generating CSV output and when displayed on web pages. While the current analysis shows no critical taint flows or unsanitized paths, the historical pattern warrants continued vigilance and thorough code auditing for these specific vulnerability types. The presence of file operations and external HTTP requests, while not flagged as risky in this static analysis, can sometimes be entry points for vulnerabilities if not handled with extreme care and proper input validation.

Key Concerns

  • High severity vulnerability in history
  • Medium severity vulnerabilities in history
  • Total of 3 known CVEs
  • Historical XSS vulnerabilities
  • Historical CSV formula injection vulnerabilities
Vulnerabilities
3

Post to CSV by BestWebSoft Security Vulnerabilities

CVEs by Year

2017: 1 CVE
2022: 1 CVE
2023: 1 CVE

Severity Breakdown

High: 1
Medium: 2

3 total CVEs

CVE-2023-36527 · high · 7.4 · Improper Neutralization of Formula Elements in a CSV File

Post to CSV by BestWebSoft <= 1.4.0 - Authenticated (Author+) CSV Injection

Jun 28, 2023 Patched in 1.4.1 (209d)
CVE-2022-3393 · medium · 6.8 · Improper Neutralization of Formula Elements in a CSV File

Post to CSV by BestWebSoft <= 1.3.8 - Authenticated (Author+) CSV Injection

Oct 3, 2022 Patched in 1.3.9 (477d)
WF-b2af416b-4510-468f-81ef-aa09f2fd51ac-post-to-csv · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Post to CSV by BestWebSoft < 1.3.1 - Reflected Cross-Site Scripting

Apr 12, 2017 Patched in 1.3.1 (2477d)
Code Analysis
Analyzed Mar 16, 2026

Post to CSV by BestWebSoft Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 2 (16 prepared)
Unescaped Output: 19 (515 escaped)
Nonce Checks: 22
Capability Checks: 3
File Operations: 4
External Requests: 6
Bundled Libraries: 0

SQL Query Safety

89% prepared · 18 total queries

Output Escaping

96% escaped · 534 total outputs
Data Flows: All sanitized

Data Flow Analysis

6 flows
bws_add_menu_render (bws_menu\bws_menu.php:18)
Attack Surface

Post to CSV by BestWebSoft Attack Surface

Entry Points: 2
Unprotected: 0

AJAX Handlers 2

auth · wp_ajax_bws_submit_request_feature_action · bws_menu\class-bws-settings.php:1466
auth · wp_ajax_bws_submit_uninstall_reason_action · bws_menu\deactivation-form.php:433

WordPress Hooks 17

filter · load_textdomain_mofile · bws_menu\bws_functions.php:43
filter · mce_external_plugins · bws_menu\bws_functions.php:1146
filter · mce_buttons · bws_menu\bws_functions.php:1147
action · admin_init · bws_menu\bws_functions.php:1433
action · admin_enqueue_scripts · bws_menu\bws_functions.php:1434
action · admin_head · bws_menu\bws_functions.php:1435
action · admin_footer · bws_menu\bws_functions.php:1436
action · admin_notices · bws_menu\bws_functions.php:1438
action · wp_enqueue_scripts · bws_menu\bws_functions.php:1440
action · admin_menu · post-to-csv.php:617
action · init · post-to-csv.php:618
action · admin_init · post-to-csv.php:619
action · plugins_loaded · post-to-csv.php:620
action · admin_enqueue_scripts · post-to-csv.php:621
filter · plugin_action_links · post-to-csv.php:623
filter · plugin_row_meta · post-to-csv.php:624
action · admin_notices · post-to-csv.php:626
Maintenance & Trust

Post to CSV by BestWebSoft Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jun 10, 2025
PHP min version
Downloads: 16K

Community Trust

Rating: 54/100
Number of ratings: 3
Active installs: 200
Developer Profile

Post to CSV by BestWebSoft Developer Profile

bestweblayout

32 plugins · 17K total installs

Trust score: 78
Avg Security Score: 98/100
Avg Patch Time: 1944 days
Detection Fingerprints

How We Detect Post to CSV by BestWebSoft

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/post-to-csv/css/psttcsv_admin_style.css
/wp-content/plugins/post-to-csv/js/psttcsv_admin_script.js
Script Paths
/wp-content/plugins/post-to-csv/js/psttcsv_admin_script.js
Version Parameters
post-to-csv/css/psttcsv_admin_style.css?ver=
post-to-csv/js/psttcsv_admin_script.js?ver=

HTML / DOM Fingerprints

CSS Classes
psttcsv-title
HTML Comments
© Copyright 2021 BestWebSoft ( https://support.bestwebsoft.com ) This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License, version 2, as published by the Free Software Foundation. (+7 more)
Data Attributes
data-id="113"
JS Globals
psttcsv_plugin_info, psttcsv_options, bws_plugin_info
FAQ

Frequently Asked Questions about Post to CSV by BestWebSoft