SQL Chart Builder Security & Risk Analysis

wordpress.org/plugins/sql-chart-builder

Turn your SQL queries into beautiful dynamic charts: pie, line, area, donut and bar charts with date/input filters.

600 active installs · v2.3.7.2 · PHP + WP 5.0.0+ · Updated Mar 13, 2026
Tags: charts, mysql, sql, sql-chart, visualizer
Score: 77 (B · Generally Safe)
CVEs total: 2
Unpatched: 1
Last CVE: Sep 22, 2025
Safety Verdict

Is SQL Chart Builder Safe to Use in 2026?

Mostly Safe

Score 77/100

SQL Chart Builder is generally safe to use. 2 past CVEs were resolved. Keep it updated.

2 known CVEs · 1 unpatched · Last CVE: Sep 22, 2025 · Updated 21d ago
Risk Assessment

The "sql-chart-builder" plugin v2.3.7.2 exhibits a generally strong security posture based on static analysis, with no identified dangerous functions, all SQL queries using prepared statements, and a high percentage of properly escaped output. The limited attack surface and robust use of nonces and capability checks are also positive indicators. However, the presence of two known CVEs, with one remaining unpatched, significantly elevates the risk. The historical vulnerability types (XSS and SQL Injection) suggest that input sanitization and output escaping may have been inconsistently applied in past versions, even though current static analysis indicates improvements. This historical pattern, coupled with an unpatched medium-severity vulnerability, warrants careful attention. While the current code appears to follow many best practices, the outstanding vulnerability is a critical concern that undermines the overall security of the plugin.

Key Concerns

  • Unpatched CVEs
  • Known SQL Injection vulnerabilities
  • Known Cross-site Scripting vulnerabilities
Vulnerabilities (2)

SQL Chart Builder Security Vulnerabilities

CVEs by Year

2024: 1 CVE (patched)
2025: 1 CVE (unpatched)

Severity Breakdown

Medium: 2 (2 total CVEs)

CVE-2025-58233 · Medium (CVSS 6.4) · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

SQL Chart Builder <= 2.3.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Sep 22, 2025 · Unpatched

CVE-2024-11430 · Medium (CVSS 6.5) · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

SQL Chart Builder <= 2.3.6 - Authenticated (Contributor+) SQL Injection

Dec 11, 2024 · Patched in 2.3.7 (329d)
Code Analysis
Analyzed Mar 16, 2026

SQL Chart Builder Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (2 prepared)
Unescaped Output: 2 (119 escaped)
Nonce Checks: 2
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared (2 total queries)

Output Escaping

98% escaped (121 total outputs)

Data Flows: all sanitized

Data Flow Analysis

2 flows
gvn_chart_top_form (functions.php:409)
Attack Surface

SQL Chart Builder Attack Surface

Entry Points: 3
Unprotected: 0

AJAX Handlers (1)

wp_ajax_guaven_sqlcharts_onboarding_notice_dismissed (authenticated) functions.php:122

Shortcodes (2)

[gvn_schart_2] functions.php:584
[gvn_schart_2_cached] functions.php:586
WordPress Hooks (14)

action admin_notices functions.php:98
action admin_notices functions.php:110
action wp_enqueue_scripts functions.php:133
action admin_enqueue_scripts functions.php:134
action wp_enqueue_scripts functions.php:140
action admin_enqueue_scripts functions.php:141
action init functions.php:150
action admin_footer functions.php:172
action init functions.php:243
action save_post functions.php:287
filter the_content functions.php:936
filter guaven_sqlcharts_table_empty_cell functions.php:963
filter guaven_sqlcharts_table_empty_value functions.php:964
action woocommerce_order_status_completed guaven_sqlcharts.php:24
Maintenance & Trust

SQL Chart Builder Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 13, 2026
PHP min version
Downloads: 32K

Community Trust

Rating: 78/100
Number of ratings: 21
Active installs: 600
Developer Profile

SQL Chart Builder Developer Profile

Guaven Labs

5 plugins · 700 total installs

Trust score: 73
Avg Security Score: 91/100
Avg Patch Time: 329 days
Detection Fingerprints

How We Detect SQL Chart Builder

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/sql-chart-builder/asset/img/recommended1.jpg

HTML / DOM Fingerprints

CSS Classes: gf-alert, gf-alert-info, gf-alert-danger, guaven-sqlcharts-notice
Data Attributes: data-notice="onboarding_notice"
FAQ

Frequently Asked Questions about SQL Chart Builder