WP-Safety

FlexTable – Data Table Sync with Google Sheets Security & Risk Analysis

wordpress.org/plugins/sheets-to-wp-table-live-sync

Turn Google Sheets into live WordPress tables. Embed, sync, and customize data instantly with search, filters, and styling - no coding needed.

4K active installs v3.23.0 PHP 7.2+ WP 5.0+ Updated Apr 6, 2026
data-tablegoogle-sheetstabletable-pluginwordpress-table
95
A · Safe
CVEs total4
Unpatched0
Last CVEDec 15, 2025
Plugin page Download
Safety Verdict

Is FlexTable – Data Table Sync with Google Sheets Safe to Use in 2026?

Generally Safe

Score 95/100

FlexTable – Data Table Sync with Google Sheets has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

4 known CVEsLast CVE: Dec 15, 2025Updated 1mo ago
Risk Assessment

The "sheets-to-wp-table-live-sync" v3.22.2 plugin exhibits a mixed security posture. On the positive side, it demonstrates strong practices in output escaping and a significant percentage of SQL queries utilizing prepared statements. The absence of currently unpatched CVEs is also a good sign. However, several areas raise concern. The static analysis reveals a substantial attack surface with 35 AJAX handlers, two of which lack authentication checks, presenting a clear entry point for unauthorized actions. Furthermore, the presence of six unsanitized path flows in the taint analysis, including two of high severity, indicates potential vulnerabilities related to file access or manipulation. The vulnerability history, while currently clear of critical or high-severity issues, shows a past prevalence of Cross-site Scripting (XSS), Cross-Site Request Forgery (CSRF), and Missing Authorization vulnerabilities. This pattern suggests that while recent versions may have addressed these, the underlying code structure could still be susceptible if not rigorously maintained. The use of the "unserialize" function is also a potential risk factor, especially if user-supplied data is involved without proper sanitization.

Overall, the plugin has good output sanitization and a decent approach to SQL queries. However, the unprotected AJAX endpoints and the high-severity taint flows are significant immediate risks. The historical vulnerability types also warrant caution, suggesting a need for ongoing vigilance. The plugin's reliance on a bundled library (DataTables) could also be a point of concern if that library is not kept up-to-date. The presence of unprotected AJAX handlers is a critical flaw that needs immediate attention, and the high-severity taint flows indicate potential for serious exploits.

Key Concerns

  • Unprotected AJAX handlers
  • High severity taint flows
  • Flows with unsanitized paths
  • Dangerous function (unserialize)
  • Bundled library (DataTables)
Vulnerabilities
4 published

FlexTable – Data Table Sync with Google Sheets Security Vulnerabilities

CVEs by Year

1 CVE in 2022
2022
1 CVE in 2023
2023
1 CVE in 2024
2024
1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
4

4 total CVEs

CVE-2025-9543medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

FlexTable Google Sheets Connector <= 3.19.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

Dec 15, 2025 Patched in 3.19.2 (31d)
CVE-2024-34375medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Sheets To WP Table Live Sync <= 3.7.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

May 3, 2024 Patched in 3.7.1 (5d)
CVE-2023-26535medium · 5.4Cross-Site Request Forgery (CSRF)

Sheets To WP Table Live Sync <= 2.12.15 - Cross-Site Request Forgery

Feb 27, 2023 Patched in 2.13.0 (330d)
WF-84003388-c47c-41db-8d2d-4643aa375a89-sheets-to-wp-table-live-syncmedium · 4.3Missing Authorization

Appsero <= 1.2.1 - Missing Authorization

Dec 16, 2022 Patched in 2.12.15 (699d)
Version History

FlexTable – Data Table Sync with Google Sheets Release Timeline

v3.23.0Current
v3.22.2
v3.22.1
v3.22.0
v3.21.0
v3.20.1
v3.20.0
v3.19.2
v3.19.11 CVE
CVE-2025-9543
v3.19.01 CVE
CVE-2025-9543
v3.18.31 CVE
CVE-2025-9543
v3.18.21 CVE
CVE-2025-9543
v3.18.11 CVE
CVE-2025-9543
v3.18.01 CVE
CVE-2025-9543
v3.17.41 CVE
CVE-2025-9543
v3.17.31 CVE
CVE-2025-9543
v3.17.21 CVE
CVE-2025-9543
v3.17.11 CVE
CVE-2025-9543
v3.17.01 CVE
CVE-2025-9543
v3.16.01 CVE
CVE-2025-9543
Code Analysis
Analyzed Mar 16, 2026

FlexTable – Data Table Sync with Google Sheets Code Analysis

Dangerous Functions
4
Raw SQL Queries
19
24 prepared
Unescaped Output
4
435 escaped
Nonce Checks
28
Capability Checks
11
File Operations
6
External Requests
9
Bundled Libraries
1

Dangerous Functions Found

unserialize$settings = null !== $settings ? $settings : unserialize( $table['table_settings'] ); // phpcs:ignapp\Ajax\Tables.php:447
unserialize$settings = null !== $settings ? $settings : unserialize( $table['table_settings'] ); // phpcs:ignapp\Ajax\Tables.php:673
unserialize$settings = null !== $settings ? $settings : unserialize( $table['table_settings'] ); // phpcs:ignapp\Ajax\Tables.php:730
unserialize$settings = null !== json_decode( $table['table_settings'] ) ? json_decode( $table['table_settings']app\Shortcode.php:105

Bundled Libraries

DataTables

SQL Query Safety

56% prepared43 total queries

Output Escaping

99% escaped439 total outputs
Data Flows · Security
6 unsanitized

Data Flow Analysis

10 flows6 with unsanitized paths
create (app\Ajax\Tables.php:347)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

FlexTable – Data Table Sync with Google Sheets Attack Surface

Entry Points36
Unprotected2

AJAX Handlers 35

authwp_ajax_gswpts_notice_actionapp\Ajax\Notices.php:27
noprivwp_ajax_gswpts_notice_actionapp\Ajax\Notices.php:28
authwp_ajax_gswpts_pro_fix_actionapp\Ajax\Notices.php:29
authwp_ajax_gswpts_product_fetchapp\Ajax\Products.php:28
authwp_ajax_swptls_get_settingsapp\Ajax\Settings.php:25
authwp_ajax_swptls_save_settingsapp\Ajax\Settings.php:26
authwp_ajax_gswpts_sheet_createapp\Ajax\Tables.php:28
noprivwp_ajax_gswpts_sheet_createapp\Ajax\Tables.php:29
authwp_ajax_gswpts_manage_tab_toggleapp\Ajax\Tables.php:30
authwp_ajax_gswpts_ud_tableapp\Ajax\Tables.php:31
authwp_ajax_swptls_create_tableapp\Ajax\Tables.php:33
authwp_ajax_swptls_edit_tableapp\Ajax\Tables.php:34
authwp_ajax_swptls_delete_tableapp\Ajax\Tables.php:35
authwp_ajax_swptls_copy_tableapp\Ajax\Tables.php:36
authwp_ajax_swptls_get_tablesapp\Ajax\Tables.php:37
authwp_ajax_swptls_save_tableapp\Ajax\Tables.php:39
authwp_ajax_swptls_update_sortingapp\Ajax\Tables.php:41
authwp_ajax_swptls_update_sorting_feapp\Ajax\Tables.php:42
authwp_ajax_gswpts_sheet_fetchapp\Ajax\Tables.php:44
noprivwp_ajax_gswpts_sheet_fetchapp\Ajax\Tables.php:45
authwp_ajax_swptls_get_table_previewapp\Ajax\Tables.php:46
authwp_ajax_swptls_test_ai_apiapp\Ajax\Tables.php:49
authwp_ajax_swptls_get_ai_providersapp\Ajax\Tables.php:50
authwp_ajax_gswpts_generate_ai_summaryapp\Ajax\Tables.php:52
noprivwp_ajax_gswpts_generate_ai_summaryapp\Ajax\Tables.php:53
authwp_ajax_swptls_generate_backend_summaryapp\Ajax\Tables.php:56
authwp_ajax_swptls_save_backend_summaryapp\Ajax\Tables.php:57
authwp_ajax_swptls_get_backend_summaryapp\Ajax\Tables.php:58
authwp_ajax_swptls_get_frontend_backend_summaryapp\Ajax\Tables.php:61
noprivwp_ajax_swptls_get_frontend_backend_summaryapp\Ajax\Tables.php:62
authwp_ajax_swptls_dismiss_cta_noticeapp\Ajax\Tables.php:65
authwp_ajax_swptls_dismiss_cta_notice_tabsapp\Ajax\Tables.php:68
authwp_ajax_gswpts_process_table_promptapp\Ajax\Tables.php:70
noprivwp_ajax_gswpts_process_table_promptapp\Ajax\Tables.php:71
authwp_ajax_gswpts_ud_tabapp\Ajax\Tabs.php:26

Shortcodes 1

[gswpts_table] app\Shortcode.php:28
WordPress Hooks 24
actionadmin_menuapp\Admin.php:28
actionadmin_initapp\Admin.php:29
actionadmin_initapp\Admin.php:30
actionadmin_initapp\Admin.php:32
actionadmin_footerapp\Admin.php:95
actionadmin_enqueue_scriptsapp\Assets.php:28
actionenqueue_block_editor_assetsapp\Assets.php:29
actionwp_enqueue_scriptsapp\Assets.php:30
actioninitapp\Assets.php:31
actionwp_enqueue_scriptsapp\Assets.php:47
actionet_builder_readyapp\Divi\DiviBase.php:38
actionwp_enqueue_scriptsapp\Divi\DiviBase.php:39
actionelementor/initapp\Elementor\ElementorBase.php:55
actionelementor/editor/after_enqueue_scriptsapp\Elementor\ElementorBase.php:58
actionadmin_noticesapp\Elementor\ElementorBase.php:97
actionelementor/widgets/registerapp\Elementor\ElementorBase.php:114
actionwp_initialize_siteapp\Multisite.php:27
filterwpmu_drop_tablesapp\Multisite.php:28
actionadmin_noticesapp\Notices.php:51
actionadmin_noticesapp\Notices.php:150
actioninitapp\SWPTLS.php:151
actioninitapp\SWPTLS.php:152
actionadmin_initapp\SWPTLS.php:181
actionadmin_noticessheets-to-wp-table-live-sync.php:29
Maintenance & Trust

FlexTable – Data Table Sync with Google Sheets Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedApr 6, 2026
PHP min version7.2
Downloads161K

Community Trust

Rating92/100
Number of ratings33
Active installs4K
Alternatives

FlexTable – Data Table Sync with Google Sheets Alternatives

Posts Table with Search & Sort

Posts Table with Search & Sort

posts-data-table

A
99

Automatically create searchable and sortable tables of your posts.

3K 1 CVE
Sheetable – Google Sheets to WP Table

Sheetable – Google Sheets to WP Table

sheetable-datatable-from-google-sheet

A
100

Turn Google Sheets into WP tables with search, sorting & pagination. No API key needed. Ultra-lightweight.

60 No CVEs
Stylish Google Sheet Reader – Embed Google Sheets as Interactive Tables with Built-in Form Submissions

Stylish Google Sheet Reader – Embed Google Sheets as Interactive Tables with Built-in Form Submissions

stylish-google-sheet-reader

A
99

Effortlessly create responsive, searchable, auto-refreshable data tables — now with built-in form submissions to receive orders or inquiries directly.

200 2 CVEs
WP Post List Table

WP Post List Table

wp-post-list-table

A
99

Display products in a customizable, user-friendly table layout with Product Table for WooCommerce. Boost sales with quick search and easy filtering!

80 1 CVE
WP Tabular – HTML Table Generator for WordPress

WP Tabular – HTML Table Generator for WordPress

wp-tabular

A
85

WP Table plugin will help you to generate html table simply using GUI

60 No CVEs
Developer Profile

FlexTable – Data Table Sync with Google Sheets Developer Profile

WPPOOL

16 plugins · 32K total installs

78
trust score
Avg Security Score
98/100
Avg Patch Time
322 days
View full developer profile
Detection Fingerprints

How We Detect FlexTable – Data Table Sync with Google Sheets

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/sheets-to-wp-table-live-sync/assets/admin.css/wp-content/plugins/sheets-to-wp-table-live-sync/assets/public/styles/style-2.min.css/wp-content/plugins/sheets-to-wp-table-live-sync/react/build/index.css/wp-content/plugins/sheets-to-wp-table-live-sync/react/build/index.js/wp-content/plugins/sheets-to-wp-table-live-sync/assets/public/scripts/backend/admin.min.js/wp-content/plugins/sheets-to-wp-table-live-sync/assets/swptls-prevent.css/wp-content/plugins/sheets-to-wp-table-live-sync/assets/swptls-notices.css
Script Paths
/wp-content/plugins/sheets-to-wp-table-live-sync/react/build/index.js/wp-content/plugins/sheets-to-wp-table-live-sync/assets/public/scripts/backend/admin.min.js
Version Parameters
sheets-to-wp-table-live-sync/assets/admin.css?ver=sheets-to-wp-table-live-sync/assets/public/styles/style-2.min.css?ver=sheets-to-wp-table-live-sync/react/build/index.css?ver=sheets-to-wp-table-live-sync/react/build/index.js?ver=sheets-to-wp-table-live-sync/assets/public/scripts/backend/admin.min.js?ver=sheets-to-wp-table-live-sync/assets/swptls-prevent.css?ver=sheets-to-wp-table-live-sync/assets/swptls-notices.css?ver=

HTML / DOM Fingerprints

Data Attributes
gswpts_tablegswpts_tab
JS Globals
SWPTLS_APP
FAQ

Frequently Asked Questions about FlexTable – Data Table Sync with Google Sheets