Title: Security question Last modified: May 19, 2026 --- # Security question * Resolved [Erick](https://wordpress.org/support/users/relozo/) * (@relozo) * [3 days, 5 hours ago](https://wordpress.org/support/topic/security-question-36/) * Hi Tobias, * Hope you’re well. * I want to ask regarding one of your library. `/tablepress/libraries/evalmath. class.php` * It was flagged internally that `Using eval on expressions based on user input can execute arbitrary code.` and avoid if possible. * Would you be able to advise if this is safe on your side? Viewing 3 replies - 1 through 3 (of 3 total) * Plugin Author [Tobias Bäthge](https://wordpress.org/support/users/tobiasbg/) * (@tobiasbg) * [2 days, 23 hours ago](https://wordpress.org/support/topic/security-question-36/#post-18913100) * Hi [@relozo](https://wordpress.org/support/users/relozo/), * Thanks for your question, I will be happy to help! * In this case, this report is a false positive: The evalmath.class.php file does indeed use the PHP `eval` function, which can be used to execute PHP code. It will however only execute safely constructed commands (for evaluating mathematical expressions), so that there is no risk here and this is safe to use. * (In addition, this library is actually only used on “legacy” systems, with older versions of PHP on the site that don’t have the “mbstring” PHP extension installed. On modern systems, a different library will be used that does not depend on using` eval`.) * Best wishes, Tobias * Thread Starter [Erick](https://wordpress.org/support/users/relozo/) * (@relozo) * [2 days, 23 hours ago](https://wordpress.org/support/topic/security-question-36/#post-18913135) * Hi Tobias, * Thank you for responding and explanation 🙂 * I’ll let you know if there’s any further questions, but I’ll mark it as resolved. * Have a great week ahead. * Plugin Author [Tobias Bäthge](https://wordpress.org/support/users/tobiasbg/) * (@tobiasbg) * [2 days, 22 hours ago](https://wordpress.org/support/topic/security-question-36/#post-18913173) * Hi, * no problem, you are very welcome! 🙂 Good to hear that this helped! * Best wishes, Tobias * P.S.: In case you haven’t, please [rate TablePress in the plugin directory](https://wordpress.org/support/plugin/tablepress/reviews/#new-post). Thanks! Viewing 3 replies - 1 through 3 (of 3 total) You must be [logged in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fsecurity-question-36%2F%3Foutput_format%3Dmd&locale=en_US) to reply to this topic. * ![](https://ps.w.org/tablepress/assets/icon.svg?rev=3192944) * [TablePress - Tables in WordPress made easy](https://wordpress.org/plugins/tablepress/) * [Frequently Asked Questions](https://wordpress.org/plugins/tablepress/#faq) * [Support Threads](https://wordpress.org/support/plugin/tablepress/) * [Active Topics](https://wordpress.org/support/plugin/tablepress/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/tablepress/unresolved/) * [Reviews](https://wordpress.org/support/plugin/tablepress/reviews/) * 3 replies * 2 participants * Last reply from: [Tobias Bäthge](https://wordpress.org/support/users/tobiasbg/) * Last activity: [2 days, 22 hours ago](https://wordpress.org/support/topic/security-question-36/#post-18913173) * Status: resolved