WP-Safety

Ninja Announcements Lite Security & Risk Analysis

wordpress.org/plugins/ninja-announcements

This plugin lets you create announcements (text and/or media) that are displayed in various places of your WordPress installation.

40 active installs v2.3.2 PHP + WP 3.1+ Updated Nov 21, 2012
alertannouncementnotice
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Ninja Announcements Lite Safe to Use in 2026?

Generally Safe

Score 85/100

Ninja Announcements Lite has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 13yr ago
Risk Assessment

The ninja-announcements plugin version 2.3.2 presents significant security concerns due to a large number of unprotected AJAX handlers. With 8 AJAX handlers identified and all of them lacking authentication checks, this plugin exposes a substantial attack surface directly to unauthenticated users. While the plugin has a clean vulnerability history with no known CVEs, this lack of historical issues does not mitigate the immediate risks identified in the static analysis. The presence of two dangerous functions (create_function and unserialize) and a low percentage of properly escaped outputs (5%) further contribute to the risk profile, especially when combined with the identified unsanitized taint flows. The limited use of nonces and capabilities checks on entry points amplifies the potential for malicious exploitation. Overall, the plugin exhibits several fundamental security weaknesses despite its lack of documented past vulnerabilities.

Key Concerns

  • 8 unprotected AJAX handlers
  • 2 dangerous functions (create_function, unserialize)
  • 2 taint flows with unsanitized paths
  • Low output escaping (5%)
  • Only 2 nonce checks
  • Only 6 capability checks
Vulnerabilities
None known

Ninja Announcements Lite Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Ninja Announcements Lite Code Analysis

Dangerous Functions
2
Raw SQL Queries
1
8 prepared
Unescaped Output
104
5 escaped
Nonce Checks
2
Capability Checks
6
File Operations
0
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

create_functionadd_action( 'widgets_init', create_function( '', 'register_widget("Ninja_Annc_Widget");' ) );includes\widget.class.php:254
unserialize$plugins = unserialize( $r['body']['plugins'] );ninja_annc.php:59

SQL Query Safety

89% prepared9 total queries

Output Escaping

5% escaped109 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

3 flows3 with unsanitized paths
ninja_annc_widget_change (includes\ajax-functions.php:43)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
8 unprotected

Ninja Announcements Lite Attack Surface

Entry Points8
Unprotected8

AJAX Handlers 8

authwp_ajax_ninja_annc_activateincludes\ajax-functions.php:2
authwp_ajax_ninja_annc_group_activateincludes\ajax-functions.php:13
authwp_ajax_ninja_annc_deactivateincludes\ajax-functions.php:22
authwp_ajax_ninja_annc_group_deactivateincludes\ajax-functions.php:33
authwp_ajax_ninja_annc_widget_changeincludes\ajax-functions.php:42
authwp_ajax_ninja_annc_autocompleteincludes\ajax-functions.php:67
noprivwp_ajax_ninja_annc_closeincludes\ajax-functions.php:88
authwp_ajax_ninja_annc_closeincludes\ajax-functions.php:89
WordPress Hooks 19
actionmanage_posts_custom_columnincludes\columns.php:3
filtermanage_edit-ninja_annc_columnsincludes\columns.php:4
filtermanage_edit-ninja_annc_sortable_columnsincludes\columns.php:103
actioninitincludes\cpt.php:2
actioninitincludes\display.php:2
filterninja_annc_title_1225includes\display.php:660
filterninja_annc_content_1225includes\display.php:661
actionsave_postincludes\meta-boxes.php:183
actionadd_meta_boxesincludes\meta-boxes.php:186
actionadmin_menuincludes\plugin-settings.php:6
actionadmin_headincludes\scripts-styles.php:2
filtergettextincludes\scripts-styles.php:54
actionload-widgets.phpincludes\scripts-styles.php:62
actionload-edit-tags.phpincludes\scripts-styles.php:100
actionwidgets_initincludes\widget.class.php:254
actioninitninja_annc.php:34
filterhttp_request_argsninja_annc.php:53
actionload-edit.phpninja_annc.php:115
actionwp_headninja_annc.php:117
Maintenance & Trust

Ninja Announcements Lite Maintenance & Trust

Maintenance Signals

WordPress version tested3.4.2
Last updatedNov 21, 2012
PHP min version
Downloads19K

Community Trust

Rating40/100
Number of ratings3
Active installs40
Alternatives

Ninja Announcements Lite Alternatives

Mighty Notification Bar

Mighty Notification Bar

mighty-notification-bar

A
100

A flexible notification bar plugin for displaying important announcements at the top or bottom of your website.

0 No CVEs
Simple Banner – Easily add multiple Banners/Bars/Notifications/Announcements to the top or bottom of your website

Simple Banner – Easily add multiple Banners/Bars/Notifications/Announcements to the top or bottom of your website

simple-banner

A
95

Display a simple banner/bar at the top or bottom of your website. Now with multi-banner support.

50K 6 CVEs
Notification Bar, Announcement and Cookie Notice WordPress Plugin – FooBar

Notification Bar, Announcement and Cookie Notice WordPress Plugin – FooBar

foobar-notifications-lite

A
100

Create unlimited notifications, announcements, or notices for your visitors

3K No CVEs
Announcement & Notification Banner – Bulletin

Announcement & Notification Banner – Bulletin

bulletin-announcements

A
96

Publish a slick announcement banner notice across your website or Woocommerce shop. Extend with icons, countdowns, placement rules and more!

2K 5 CVEs
Cart Notices for WooCommerce

Cart Notices for WooCommerce

cart-notices-for-woocommerce

A
100

Display on cart page notices based on products and product categories in cart, cart cost, current day and time, customer referrer.

2K No CVEs
Developer Profile

Ninja Announcements Lite Developer Profile

Kevin Stover

5 plugins · 610K total installs

69
trust score
Avg Security Score
85/100
Avg Patch Time
1017 days
View full developer profile
Detection Fingerprints

How We Detect Ninja Announcements Lite

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/ninja-announcements/css/smoothness/jquery-smoothness.css/wp-content/plugins/ninja-announcements/css/token-input.css/wp-content/plugins/ninja-announcements/css/token-input-facebook.css/wp-content/plugins/ninja-announcements/css/ninja-annc-admin.css/wp-content/plugins/ninja-announcements/js/min/jquery.tokeninput.js/wp-content/plugins/ninja-announcements/js/min/ninja_annc_admin.min.js/wp-content/plugins/ninja-announcements/js/min/ninja_annc_admin_3.1.min.js
Script Paths
/wp-content/plugins/ninja-announcements/js/min/jquery.tokeninput.js/wp-content/plugins/ninja-announcements/js/min/ninja_annc_admin.min.js/wp-content/plugins/ninja-announcements/js/min/ninja_annc_admin_3.1.min.js
Version Parameters
ninja-announcements/css/smoothness/jquery-smoothness.css?ver=ninja-announcements/css/token-input.css?ver=ninja-announcements/css/token-input-facebook.css?ver=ninja-announcements/css/ninja-annc-admin.css?ver=ninja-announcements/js/min/jquery.tokeninput.js?ver=ninja-announcements/js/min/ninja_annc_admin.min.js?ver=ninja-announcements/js/min/ninja_annc_admin_3.1.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
ninja-annc-admin-wrap
Data Attributes
data-plugin_urldata-post_status
JS Globals
settingsninja_annc_strings
FAQ

Frequently Asked Questions about Ninja Announcements Lite