Ninja Charts – Interactive Charts and Graphs Security & Risk Analysis

Ninja-Charts v3.4.0 exhibits a mixed security posture. While it demonstrates good practices like 100% prepared SQL statements and a high rate of properly escaped outputs, significant concerns arise from its attack surface. The presence of two unprotected AJAX handlers represents a direct pathway for potential unauthorized actions. The use of `unserialize` is a notable risk, as it can lead to object injection vulnerabilities if the serialized data originates from an untrusted source. Taint analysis did not reveal any immediate flows with unsanitized paths, which is a positive sign, however, the lack of analysis (0 flows analyzed) means this is an area of unknown risk.

The plugin's vulnerability history shows one past medium-severity CVE related to sensitive information exposure. The fact that this is currently unpatched is not indicated, but the pattern suggests a history of potential data leakage. The absence of any critical or high-severity past vulnerabilities is encouraging, but the existing medium vulnerability and the identified code risks warrant careful attention. Overall, Ninja-Charts has strengths in secure coding practices for SQL and output handling, but the unprotected entry points and the use of `unserialize` are significant weaknesses that expose it to potential attacks.