WP-Safety

Timely CSV XLS exporter Security & Risk Analysis

wordpress.org/plugins/timely-csv-xls-exporter

Export standard and custom post type to csv or excell format. You can export right away or send an scheduled e-mail with attachment.

30 active installs v1.1.1 PHP + WP 4.5.0+ Updated Jul 10, 2017
csvemail-exportexcellexportxls
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Timely CSV XLS exporter Safe to Use in 2026?

Generally Safe

Score 85/100

Timely CSV XLS exporter has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago
Risk Assessment

The "timely-csv-xls-exporter" v1.1.1 plugin exhibits a mixed security posture. On one hand, it demonstrates strong adherence to secure coding practices by utilizing prepared statements for all SQL queries and avoiding external HTTP requests. The absence of known CVEs also suggests a history of relatively good security, or at least good disclosure and patching practices.

However, significant concerns arise from the static analysis. The presence of dangerous functions like `unserialize` and `create_function` without explicit sanitization is a red flag. Furthermore, the taint analysis revealing two flows with unsanitized paths, classified as high severity, indicates potential pathways for malicious data injection that could be exploited. The lack of nonce checks on any entry points, coupled with limited capability checks, exacerbates these risks by potentially allowing unauthorized access or execution of sensitive functions. The high percentage of file operations also warrants attention for potential manipulation risks.

While the plugin's vulnerability history is clean, this does not negate the immediate risks identified in the code. The strength of its SQL handling and lack of external requests are commendable, but the identified high-severity taint flows and use of dangerous functions present a clear and present danger that requires immediate attention and mitigation.

Key Concerns

  • High severity unsanitized taint flows
  • Dangerous functions (unserialize, create_function)
  • No nonce checks on entry points
  • Low capability checks coverage
  • 70% output escaping - implies 30% unescaped
  • Bundled libraries (dompdf, TCPDF) - potential outdated
Vulnerabilities
None known

Timely CSV XLS exporter Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Timely CSV XLS exporter Code Analysis

Dangerous Functions
12
Raw SQL Queries
0
9 prepared
Unescaped Output
36
85 escaped
Nonce Checks
0
Capability Checks
2
File Operations
190
External Requests
0
Bundled Libraries
2

Dangerous Functions Found

unserialize$this->currentObject = unserialize($obj);Classes\PHPExcel\CachedObjectStorage\APC.php:152
unserialize$this->currentObject = unserialize(fread($this->fileHandle, $this->cellCache[$pCoord]['sz']));Classes\PHPExcel\CachedObjectStorage\DiscISAM.php:118
unserialize$this->currentObject = unserialize($obj);Classes\PHPExcel\CachedObjectStorage\Memcache.php:156
unserialize$this->currentObject = unserialize(gzinflate($this->cellCache[$pCoord]));Classes\PHPExcel\CachedObjectStorage\MemoryGZip.php:93
unserialize$this->currentObject = unserialize($this->cellCache[$pCoord]);Classes\PHPExcel\CachedObjectStorage\MemorySerialized.php:91
unserialize$this->currentObject = unserialize(fread($this->fileHandle, $this->cellCache[$pCoord]['sz']));Classes\PHPExcel\CachedObjectStorage\PHPTemp.php:113
unserialize$this->currentObject = unserialize($cellResult);Classes\PHPExcel\CachedObjectStorage\SQLite.php:112
unserialize$this->currentObject = unserialize($cellData['value']);Classes\PHPExcel\CachedObjectStorage\SQLite3.php:144
unserialize$this->currentObject = unserialize($obj);Classes\PHPExcel\CachedObjectStorage\Wincache.php:154
unserialize$this->{$key} = unserialize(serialize($val));Classes\PHPExcel\Worksheet.php:2895
unserialize$this->{$key} = unserialize(serialize($val));Classes\PHPExcel.php:881
create_functionadd_filter('wp_mail_content_type',create_function('', 'return "text/html"; '));includes\function.timely_exporter.php:288

Bundled Libraries

dompdfTCPDF

SQL Query Safety

100% prepared9 total queries

Output Escaping

70% escaped121 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
request (includes\class.FATCXESettingsPage.php:110)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Timely CSV XLS exporter Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 6
actionplugins_loadedincludes\class.FATCXESettingsPage.php:40
actionadmin_menuincludes\class.FATCXESettingsPage.php:41
actionadmin_initincludes\class.FATCXESettingsPage.php:42
actionadmin_initincludes\class.FATCXESettingsPage.php:43
filterwp_mail_content_typeincludes\function.timely_exporter.php:288
actioninittimely-csv-xls-exporter.php:82
Maintenance & Trust

Timely CSV XLS exporter Maintenance & Trust

Maintenance Signals

WordPress version tested4.8.28
Last updatedJul 10, 2017
PHP min version
Downloads3K

Community Trust

Rating0/100
Number of ratings0
Active installs30
Alternatives

Timely CSV XLS exporter Alternatives

WP All Export – Drag & Drop Export to Any Custom CSV, XML & Excel

WP All Export – Drag & Drop Export to Any Custom CSV, XML & Excel

wp-all-export

B
84

Easily export data from any post type, custom field, or taxonomy to a CSV, XML, or Excel file of any custom format. Supports WooCommerce products, ord …

100K 7 CVEs
Product Import Export for WooCommerce – Import Export Product CSV Suite

Product Import Export for WooCommerce – Import Export Product CSV Suite

product-import-export-for-woo

A
94

Easily import/export WooCommerce products (simple, grouped, external/affiliate) via CSV. Transfer product data, including images, reviews, categories, …

90K 7 CVEs
Import and export users and customers

Import and export users and customers

import-users-from-csv-with-meta

A
93

Import and export users and customers including user meta, roles, and other. Compatible with many plugins. Do it from the front end or using cron.

80K 20 CVEs
Export and Import Users and Customers

Export and Import Users and Customers

users-customers-import-export-for-wp-woocommerce

A
95

Import and export WordPress users and WooCommerce customers using CSV. Migrate to your new site without any data loss.

60K 9 CVEs
WP Import Export Lite

WP Import Export Lite

wp-import-export-lite

A
93

Complete Import & Export solution for Posts, Pages, Custom Post, Users, Taxonomies, Comments etc.

50K 5 CVEs
Developer Profile

Timely CSV XLS exporter Developer Profile

3D Virge

3 plugins · 100K total installs

73
trust score
Avg Security Score
92/100
Avg Patch Time
240 days
View full developer profile
Detection Fingerprints

How We Detect Timely CSV XLS exporter

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/timely-csv-xls-exporter/css/timely-csv-xls-exporter.css/wp-content/plugins/timely-csv-xls-exporter/js/timely-csv-xls-exporter.js
Script Paths
/wp-content/plugins/timely-csv-xls-exporter/js/timely-csv-xls-exporter.js
Version Parameters
timely-csv-xls-exporter/css/timely-csv-xls-exporter.css?ver=timely-csv-xls-exporter/js/timely-csv-xls-exporter.js?ver=

HTML / DOM Fingerprints

CSS Classes
timely-csv-xls-exporter-settings
FAQ

Frequently Asked Questions about Timely CSV XLS exporter