WP-Safety

Schema Ninja Security & Risk Analysis

wordpress.org/plugins/schemaninja

SchemaNinja Rich Snippets & Recommendation plugin. SchemaNinja can Boost CTR, Improve SEO & Rankings. Supports most of the content type.

10 active installs v2.3.5 PHP + WP 3.3+ Updated Sep 15, 2020
google-seoreview-ratingrich-snippetschemaseo
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Schema Ninja Safe to Use in 2026?

Generally Safe

Score 85/100

Schema Ninja has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5yr ago
Risk Assessment

The schema ninja plugin version 2.3.5 exhibits a generally good security posture based on the static analysis. The absence of dangerous functions, external HTTP requests, file operations, and SQL queries (all using prepared statements) are strong indicators of secure coding practices. The presence of a nonce check is also a positive sign for input validation. The plugin also has no recorded vulnerability history, which suggests a commitment to security or a lack of historical discovery of issues.

However, a significant concern arises from the output escaping. With 57% of outputs properly escaped, a substantial portion (43%) remains unescaped. This presents a risk of Cross-Site Scripting (XSS) vulnerabilities, especially if user-supplied data is outputted without proper sanitization. Furthermore, the lack of capability checks on any of the entry points is a notable weakness, as it implies that potentially sensitive operations might be accessible to users without the necessary permissions. While the attack surface is small and currently shows no unprotected entry points, the lack of capability checks means this could change if functionality is added or modified without proper authorization controls.

In conclusion, while schema ninja version 2.3.5 has several strengths regarding secure coding practices and a clean vulnerability history, the high percentage of unescaped output and the absence of capability checks on entry points represent tangible security risks that warrant attention. Addressing these specific areas would significantly improve the plugin's overall security.

Key Concerns

  • Significant percentage of unescaped output
  • Lack of capability checks on entry points
Vulnerabilities
None known

Schema Ninja Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Schema Ninja Release Timeline

v2.3.5Current
v2.2.1
v2.2.0
v2.1.9
v2.1.8
v2.1.7
v2.1.6
v2.1.5
v2.1.4
v2.1.3
v2.1.2
v2.1.1
v2.1.0
v2.0.7
v2.0.6
v2.0.5
v2.0.4
v2.0.3
v2.0.2
v2.0.1
Code Analysis
Analyzed Mar 16, 2026

Schema Ninja Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
68
90 escaped
Nonce Checks
1
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

57% escaped158 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

1 flows
<schema-admin> (schema-admin.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Schema Ninja Attack Surface

Entry Points4
Unprotected0

Shortcodes 4

[recompostlist] templates\recommendation_template.php:67
[recommendation] templates\recommendation_template.php:69
[recommendation_sidebar] templates\sidebar_template.php:65
[recomlist] templates\sidebar_template.php:66
WordPress Hooks 27
actionsave_postadmin\recommendation_data.php:127
actionpre_post_updateadmin\review_data.php:221
actionsave_postadmin\review_data.php:222
filterthe_contentincludes\auto_format_disable.php:22
actionadd_meta_boxesincludes\recommendation-meta.php:10
filtermanage_recommendations_posts_columnsincludes\recommendation-meta.php:28
actionmanage_recommendations_posts_custom_columnincludes\recommendation-meta.php:42
actionadd_meta_boxesincludes\review-meta.php:10
actioninitmodules\recommendation.php:32
actionwp_enqueue_scriptsschema-ninja.php:35
actionadmin_enqueue_scriptsschema-ninja.php:44
filterpost_row_actionsschema-ninja.php:52
actionadmin_noticesschema-ninja.php:63
actionadmin_initschema-ninja.php:67
actionwp_headschema-ninja.php:79
actionadmin_menuschema-ninja.php:91
actiontemplate_redirectschema-ninja.php:92
filterwidget_textschema-ninja.php:93
filteradd_post_metadataschema-ninja.php:104
filterupdate_post_metadataschema-ninja.php:105
filterdelete_post_metadataschema-ninja.php:106
filterget_post_metadataschema-ninja.php:107
filterthe_contenttemplates\recommendation_template.php:26
filterget_the_excerpttemplates\recommendation_template.php:28
filterthe_contenttemplates\recommendation_template.php:42
filterthe_contenttemplates\review_template.php:191
filterwp_footertemplates\review_template.php:225
Maintenance & Trust

Schema Ninja Maintenance & Trust

Maintenance Signals

WordPress version tested5.4.19
Last updatedSep 15, 2020
PHP min version
Downloads6K

Community Trust

Rating84/100
Number of ratings12
Active installs10
Alternatives

Schema Ninja Alternatives

Schema & Structured Data for WP & AMP

Schema & Structured Data for WP & AMP

schema-and-structured-data-for-wp

A
95

Schema & Structured Data adds Google Rich Snippets markup according to Schema.org guidelines to structure your site for SEO.

100K 10 CVEs
Schema – All In One Schema Rich Snippets

Schema – All In One Schema Rich Snippets

all-in-one-schemaorg-rich-snippets

A
99

Improve SEO, elevate rankings and Boost CTR. Supports different types of content and works well with Google, Bing, Yahoo, and Facebook.

30K 2 CVEs
WP SEO Structured Data Schema

WP SEO Structured Data Schema

wp-seo-structured-data-schema

B
76

Comprehensive JSON-LD based Structured Data solution for WordPress for adding schema for organizations, businesses, blog posts, ratings & more.

30K 1 unpatched
FAQ Schema For Pages And Posts

FAQ Schema For Pages And Posts

faq-schema-for-pages-and-posts

A
85

FAQ Schema For Pages And Posts by Krystian Szastok Founder of RobotZebra - a London based SEO agency, allows you to turn questions and answers on your &hellip;

8K No CVEs
Event SEO: Event Schema / Structured Data: Google Rich Snippet Schema for Event

Event SEO: Event Schema / Structured Data: Google Rich Snippet Schema for Event

event-schema

A
100

Automatically generate Google Event Rich Snippet Schema (JSON-LD) for events using popular calendar plugins.

700 No CVEs
Developer Profile

Schema Ninja Developer Profile

jitendravaswani

1 plugin · 10 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Schema Ninja

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/schemaninja/style.css/wp-content/plugins/schemaninja/assets/font-awesome/css/font-awesome.min.css/wp-content/plugins/schemaninja/assets/css/circle.css/wp-content/plugins/schemaninja/assets/css/tabs.css/wp-content/plugins/schemaninja/assets/css/css-schema-admin.css/wp-content/plugins/schemaninja/assets/js/jscolor.js/wp-content/plugins/schemaninja/assets/js/tabs.js
Version Parameters
schemaninja/style.css?ver=schemaninja/assets/font-awesome/css/font-awesome.min.css?ver=schemaninja/assets/css/circle.css?ver=schemaninja/assets/css/tabs.css?ver=schemaninja/assets/font-awesome/css/font-awesome.min.css?ver=schemaninja/assets/css/css-schema-admin.css?ver=schemaninja/assets/js/jscolor.js?ver=schemaninja/assets/js/tabs.js?ver=

HTML / DOM Fingerprints

CSS Classes
spec-span30spec-titlespec-subrating-divsc100pgreenorange+7 more
Data Attributes
data-ng-show
JS Globals
jscolortabs
Shortcode Output
[schema_ninja_review][schema_ninja_recommendation]
FAQ

Frequently Asked Questions about Schema Ninja