WP Excel 2 DB Security & Risk Analysis

wordpress.org/plugins/wp-excel-2-db

Import excel sheet to wordpress database table from wordpress dashboard.

20 active installs · v1.0.0 · PHP + · WP 2.6+ · Updated Jan 25, 2017
Tags: csv, database, excel, import, reader
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WP Excel 2 DB Safe to Use in 2026?

Generally Safe

Score 85/100

WP Excel 2 DB has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 9yr ago
Risk Assessment

The wp-excel-2-db v1.0.0 plugin exhibits a mixed security posture. While it demonstrates good practices in using prepared statements for SQL queries and proper output escaping, significant concerns exist regarding its attack surface and handling of sensitive operations. The presence of a single unprotected AJAX handler is a major red flag, as it represents a direct entry point for attackers without any authentication or authorization checks. Furthermore, the code analysis reveals the use of the dangerous `unserialize` function and two taint analysis flows with unsanitized paths, indicating potential vulnerabilities related to deserialization and data manipulation.

Key Concerns

  • Unprotected AJAX handler
  • Use of unserialize function
  • Taint flows with unsanitized paths (High severity)
  • Missing nonce checks
  • Missing capability checks
Vulnerabilities
None known

WP Excel 2 DB Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

WP Excel 2 DB Code Analysis

Dangerous Functions: 11
Raw SQL Queries: 2 raw, 7 prepared
Unescaped Output: 8 unescaped, 78 escaped
Nonce Checks: 0
Capability Checks: 0
File Operations: 186
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

  • unserialize · `$this->currentObject = unserialize($obj);` · public\phpexcel\Classes\PHPExcel\CachedObjectStorage\APC.php:152
  • unserialize · `$this->currentObject = unserialize(fread($this->fileHandle, $this->cellCache[$pCoord]['sz']));` · public\phpexcel\Classes\PHPExcel\CachedObjectStorage\DiscISAM.php:118
  • unserialize · `$this->currentObject = unserialize($obj);` · public\phpexcel\Classes\PHPExcel\CachedObjectStorage\Memcache.php:156
  • unserialize · `$this->currentObject = unserialize(gzinflate($this->cellCache[$pCoord]));` · public\phpexcel\Classes\PHPExcel\CachedObjectStorage\MemoryGZip.php:93
  • unserialize · `$this->currentObject = unserialize($this->cellCache[$pCoord]);` · public\phpexcel\Classes\PHPExcel\CachedObjectStorage\MemorySerialized.php:91
  • unserialize · `$this->currentObject = unserialize(fread($this->fileHandle, $this->cellCache[$pCoord]['sz']));` · public\phpexcel\Classes\PHPExcel\CachedObjectStorage\PHPTemp.php:113
  • unserialize · `$this->currentObject = unserialize($cellResult);` · public\phpexcel\Classes\PHPExcel\CachedObjectStorage\SQLite.php:112
  • unserialize · `$this->currentObject = unserialize($cellData['value']);` · public\phpexcel\Classes\PHPExcel\CachedObjectStorage\SQLite3.php:144
  • unserialize · `$this->currentObject = unserialize($obj);` · public\phpexcel\Classes\PHPExcel\CachedObjectStorage\Wincache.php:154
  • unserialize · `$this->{$key} = unserialize(serialize($val));` · public\phpexcel\Classes\PHPExcel\Worksheet.php:2895
  • unserialize · `$this->{$key} = unserialize(serialize($val));` · public\phpexcel\Classes\PHPExcel.php:881

SQL Query Safety

78% prepared · 9 total queries

Output Escaping

91% escaped · 86 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
excel_to_dbtable (public\class-wp-excel-2-db-public.php:141)
Attack Surface
1 unprotected

WP Excel 2 DB Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers 1

  • auth · wp_ajax_excel_to_dbtable · public\class-wp-excel-2-db-public.php:55

WordPress Hooks 6

  • action · plugins_loaded · includes\class-wp-excel-2-db.php:139
  • action · admin_enqueue_scripts · includes\class-wp-excel-2-db.php:154
  • action · admin_enqueue_scripts · includes\class-wp-excel-2-db.php:155
  • action · wp_enqueue_scripts · includes\class-wp-excel-2-db.php:170
  • action · wp_enqueue_scripts · includes\class-wp-excel-2-db.php:171
  • action · admin_menu · public\class-wp-excel-2-db-public.php:54
Maintenance & Trust

WP Excel 2 DB Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.7.32
Last updated: Jan 25, 2017
PHP min version
Downloads: 4K

Community Trust

Rating: 60/100
Number of ratings: 2
Active installs: 20
Developer Profile

WP Excel 2 DB Developer Profile

Hussam Hussien

2 plugins · 30 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect WP Excel 2 DB

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-excel-2-db/css/wp-excel-2-db-admin.css
/wp-content/plugins/wp-excel-2-db/js/wp-excel-2-db-admin.js
Script Paths
/wp-content/plugins/wp-excel-2-db/js/wp-excel-2-db-admin.js
Version Parameters
wp-excel-2-db/css/wp-excel-2-db-admin.css?ver=
wp-excel-2-db/js/wp-excel-2-db-admin.js?ver=

HTML / DOM Fingerprints

FAQ

Frequently Asked Questions about WP Excel 2 DB