Does Smart Table Builder have any unpatched vulnerabilities?

No. All known vulnerabilities in Smart Table Builder have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Smart Table Builder compatible with WordPress 6.9.4?

According to WordPress.org data, Smart Table Builder 1.0.3 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Smart Table Builder compatible with PHP 7.2+?

Smart Table Builder requires PHP 7.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Smart Table Builder updated?

Smart Table Builder was last updated on Jan 29, 2026. Frequent updates are generally a positive security signal.

What is Smart Table Builder's security score?

Smart Table Builder has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Smart Table Builder Security & Risk Analysis

wordpress.org/plugins/smart-table-builder

Create beautiful, responsive HTML tables from scratch or convert Excel and CSV files into WordPress tables effortlessly.

100 active installs v1.0.3 PHP 7.2+ WP 4.6+ Updated Jan 29, 2026

excel-to-tableresponsive-tablesspreadsheettabletable-builder

A · Safe

CVEs total1

Unpatched0

Last CVESep 5, 2025

Plugin page Download

Safety Verdict

Is Smart Table Builder Safe to Use in 2026?

Generally Safe

Score 99/100

Smart Table Builder has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Sep 5, 2025Updated 2mo ago

Risk Assessment

The "smart-table-builder" plugin v1.0.3 presents a mixed security posture. On the positive side, the plugin demonstrates good security practices with 100% of its SQL queries utilizing prepared statements and a high percentage (88%) of output being properly escaped. It also correctly implements nonce checks and capability checks on several entry points, and has no identified critical or high severity taint analysis issues. However, the plugin does have a past medium severity Cross-Site Scripting (XSS) vulnerability, although it is currently unpatched, indicating a potential for similar issues if not carefully managed. The presence of file operations and external HTTP requests, while not flagged as inherently insecure in this analysis, warrants attention as they can sometimes introduce vulnerabilities if not implemented with strict sanitization and validation.

The static analysis reveals a relatively small attack surface with only one shortcode. Notably, there are no identified unprotected AJAX handlers or REST API routes, which is a significant strength. The absence of dangerous functions and critical taint flows is also reassuring. The past vulnerability history, specifically an XSS issue, is the most significant concern. While it is not currently unpatched, the pattern suggests a need for ongoing vigilance and thorough code reviews to prevent recurrence. The fact that the last vulnerability was in the future (2025-09-05) is likely a data anomaly or an indicator of a future security research finding that has been pre-dated.

In conclusion, the "smart-table-builder" plugin v1.0.3 has several strong security foundations, particularly in its handling of SQL and output escaping. The limited attack surface and absence of critical taint issues are commendable. The primary area of concern stems from its vulnerability history, specifically the past XSS vulnerability, which necessitates careful monitoring and prompt patching of any future security advisories. The plugin's overall security is good, but the past XSS issue requires a cautious approach.

Key Concerns

Past medium severity XSS vulnerability
1 file operation detected
1 external HTTP request detected

Vulnerabilities

Smart Table Builder Security Vulnerabilities

CVEs by Year

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-9126medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Smart Table Builder <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter

Sep 5, 2025 Patched in 1.0.2 (1d)

Code Analysis

Analyzed Mar 16, 2026

Smart Table Builder Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

14 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

88% escaped16 total outputs

Attack Surface

Smart Table Builder Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[smart-table-builder] includes\Frontend.php:10

WordPress Hooks 12

actionadmin_menuincludes\Admin.php:10

actionadmin_enqueue_scriptsincludes\Admin.php:41

actionadmin_print_scriptsincludes\Admin.php:42

actionrest_api_initincludes\Api.php:17

actionadmin_enqueue_scriptsincludes\Assets.php:12

actionwp_enqueue_scriptsincludes\Assets.php:14

actiongfonts_metadataincludes\GoogleFontsCache.php:13

actionplugins_loadedsmart-table-builder.php:72

actionsmart_table_builder_load_previewsmart-table-builder.php:73

actioninitsmart-table-builder.php:202

actioninitsmart-table-builder.php:205

actioninitsmart-table-builder.php:207

Maintenance & Trust

Smart Table Builder Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedJan 29, 2026

PHP min version7.2

Downloads2K

Community Trust

Rating100/100

Number of ratings3

Active installs100

Alternatives

Smart Table Builder Alternatives

Ninja Tables – Easy Data Table Builder

ninja-tables

Best WordPress table builder plugin packed with versatile features to create fully responsive data tables of any kind.

80K 11 CVEs

TablePress – Tables in WordPress made easy

tablepress

Embed beautiful, accessible, and interactive tables into your WordPress website’s posts and pages, without having to write code!

700K 9 CVEs

wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin

wpdatatables

The best WordPress table plugin. Create responsive, and searchable tables and charts from Excel (.xlsx, .xls or .ods), CSV, XML, JSON, and PHP.

70K 1 unpatched

WP Table Builder – Drag & Drop Table Builder

wp-table-builder

Drag and Drop Table Builder Plugin. Build Responsive Tables Easily.

50K 10 CVEs

Data Tables Generator by Supsystic

data-tables-generator-by-supsystic

Create data tables with charts and graphs. Custom design, navigation, searching and ordering functions. Export to PDF, CSV, Print. Excel spreadsheet.

20K 8 CVEs

Developer Profile

Smart Table Builder Developer Profile

Design

5 plugins · 5K total installs

trust score

Avg Security Score

89/100

Avg Patch Time

359 days

View full developer profile

Detection Fingerprints

How We Detect Smart Table Builder

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/smart-table-builder/includes/Assets.php/wp-content/plugins/smart-table-builder/includes/Admin.php/wp-content/plugins/smart-table-builder/includes/Frontend.php/wp-content/plugins/smart-table-builder/includes/Ajax/AjaxAction.php/wp-content/plugins/smart-table-builder/includes/Ajax/AjaxCallbacks.php/wp-content/plugins/smart-table-builder/includes/Api.php/wp-content/plugins/smart-table-builder/includes/Utils.php/wp-content/plugins/smart-table-builder/includes/GoogleFontsCache.php+1 more

Script Paths

/wp-content/plugins/smart-table-builder/assets/js/frontend.js

Version Parameters

smart-table-builder/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

Data Attributes

smart_table_builder_action

FAQ