Table Editor Security & Risk Analysis

wordpress.org/plugins/wp-table-editor

Table Editor is a WordPress plugin used to quickly create tables from Excel, CSV and other data sources.

100 active installs · v1.6.4 · PHP 7.2+ · WP 6.0+ · Updated Jun 10, 2025
Tags: datatables, table, table-builder, table-editor
Score: 77 (B · Generally Safe)
CVEs total: 2
Unpatched: 1
Last CVE: Aug 25, 2025
Safety Verdict

Is Table Editor Safe to Use in 2026?

Mostly Safe

Score 77/100

Table Editor is generally safe to use. 2 past CVEs were resolved. Keep it updated.

2 known CVEs · 1 unpatched · Last CVE: Aug 25, 2025 · Updated 9mo ago
Risk Assessment

The wp-table-editor plugin, version 1.6.4, exhibits a mixed security posture. It follows good practice in two areas, with a high percentage of SQL queries prepared and a high percentage of output escaped, but several other areas raise concerns. The attack surface is significant: 6 unprotected AJAX handlers present a notable risk. The taint analysis also reveals 4 high-severity flows with unsanitized paths, indicating potential vulnerabilities in how user-supplied data is processed.

The vulnerability history is a significant red flag, with 2 known CVEs, one of which remains unpatched. The historical prevalence of Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) vulnerabilities suggests a recurring pattern of issues related to input validation and authorization. The most recent vulnerability being in August 2025 also indicates a recent history of security flaws.

In conclusion, while the plugin has strengths in its handling of SQL and output, the high number of unprotected entry points, critical taint flows, and an unpatched vulnerability suggest that users should exercise caution. The recurring vulnerability types also warrant attention from the developers to address fundamental security weaknesses.

Key Concerns

  • Unprotected AJAX handlers present significant attack surface
  • 4 high-severity unsanitized taint flows found
  • 1 unpatched CVE with medium severity
  • History of CSRF and XSS vulnerabilities
  • Bundled DataTables library
Vulnerabilities
2

Table Editor Security Vulnerabilities

CVEs by Year

2 CVEs in 2025 · has unpatched

Severity Breakdown

Medium: 2 (2 total CVEs)

CVE-2025-48310 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Table Editor <= 1.6.4 - Cross-Site Request Forgery

Aug 25, 2025 · Unpatched

CVE-2024-13661 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Table Editor <= 1.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jan 30, 2025 · Patched in 1.6.0 (1d)
Code Analysis
Analyzed Mar 16, 2026

Table Editor Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 30 (197 prepared)
Unescaped Output: 24 (406 escaped)
Nonce Checks: 52
Capability Checks: 11
File Operations: 5
External Requests: 2
Bundled Libraries: 1

Bundled Libraries

DataTables

SQL Query Safety

87% prepared · 227 total queries

Output Escaping

94% escaped · 430 total outputs
Data Flows
9 unsanitized

Data Flow Analysis

14 flows · 9 with unsanitized paths
<column_action> (includes\admin\column_action.php:0)
Attack Surface
6 unprotected

Table Editor Attack Surface

Entry Points: 9
Unprotected: 6

AJAX Handlers 6

auth · wp_ajax_table_style_xs · includes\admin\ajax.php:34
auth · wp_ajax_column_style_xs · includes\admin\ajax.php:35
nopriv · wp_ajax_row_getdatas_wpte · includes\public\shortcode.php:22
nopriv · wp_ajax_row_search_wpte · includes\public\shortcode.php:23
auth · wp_ajax_row_getdatas_wpte · includes\public\shortcode.php:24
auth · wp_ajax_row_search_wpte · includes\public\shortcode.php:25

Shortcodes 3

[wptableeditor] includes\public\shortcode.php:14
[wptableeditor_htabs] includes\public\shortcode.php:17
[wptableeditor_vtabs] includes\public\shortcode.php:20

WordPress Hooks 13

action · admin_init · includes\admin\function.php:10
action · admin_post_uninstall_wptableeditor · includes\admin\function.php:11
action · admin_post_export_wptableeditor · includes\admin\function.php:12
filter · upload_mimes · includes\admin\function.php:13
filter · mce_buttons_2 · includes\admin\function.php:14
action · admin_enqueue_scripts · includes\admin\option.php:12
action · admin_init · includes\admin\option.php:13
action · in_admin_header · includes\admin\option.php:23
action · wp_enqueue_scripts · includes\public\shortcode.php:12
action · plugins_loaded · main.php:38
action · admin_menu · main.php:40
action · admin_enqueue_scripts · main.php:41
action · in_admin_header · main.php:43
Maintenance & Trust

Table Editor Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jun 10, 2025
PHP min version: 7.2
Downloads: 6K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 100
Developer Profile

Table Editor Developer Profile

wptableeditor

1 plugin · 100 total installs

Trust score: 84
Avg Security Score: 77/100
Avg Patch Time: 1 day
Detection Fingerprints

How We Detect Table Editor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-table-editor/assets/css/wp-table-editor.css
/wp-content/plugins/wp-table-editor/assets/js/wp-table-editor.js
/wp-content/plugins/wp-table-editor/assets/css/bootstrap.min.css
/wp-content/plugins/wp-table-editor/assets/css/select2.min.css
/wp-content/plugins/wp-table-editor/assets/css/jquery.dataTables.min.css
/wp-content/plugins/wp-table-editor/assets/js/bootstrap.min.js
/wp-content/plugins/wp-table-editor/assets/js/select2.min.js
/wp-content/plugins/wp-table-editor/assets/js/jquery.dataTables.min.js
+2 more
Script Paths
/wp-content/plugins/wp-table-editor/assets/js/wp-table-editor.js
Version Parameters
wp-table-editor/style.css?ver=
wp-table-editor/script.js?ver=
wp-table-editor/assets/css/wp-table-editor.css?ver=
wp-table-editor/assets/js/wp-table-editor.js?ver=
wp-table-editor/assets/css/bootstrap.min.css?ver=
wp-table-editor/assets/css/select2.min.css?ver=
wp-table-editor/assets/css/jquery.dataTables.min.css?ver=
wp-table-editor/assets/js/bootstrap.min.js?ver=
wp-table-editor/assets/js/select2.min.js?ver=
wp-table-editor/assets/js/jquery.dataTables.min.js?ver=
wp-table-editor/assets/js/tabledit.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
xscontainer, panel, panel-default, panel-heading, panel-title, xscss-content, nav-tab-xs, btn-danger, +1 more
HTML Comments
<!-- wp table editor -->
Data Attributes
data-table-id, data-row-id, data-col-id
JS Globals
wptableeditor_ajax_object, wptableeditor_params
Shortcode Output
[wp_table_editor