Tuyul Ninja Security & Risk Analysis

wordpress.org/plugins/tuyul-ninja

Tuyul Ninja enables you to send WordPress posts to available providers via a cron job.

10 active installs · v1.2.0 · PHP 5.3+ · WP 4.1+ · Updated Feb 26, 2021
Tags: automation, cron, productivity, send-email, wp-cron
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Tuyul Ninja Safe to Use in 2026?

Generally Safe

Score 85/100

Tuyul Ninja has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 5yr ago
Risk Assessment

The tuyul-ninja v1.2.0 plugin exhibits a concerning security posture, primarily due to a significant number of unprotected AJAX handlers. While the plugin has no recorded vulnerability history, this absence alone does not guarantee future safety, especially given the identified code signals. The presence of 9 unprotected AJAX handlers represents a large attack surface, making it susceptible to unauthorized actions if these handlers can be triggered externally.

The taint analysis reveals 6 flows with unsanitized paths, 4 of which are flagged as high severity. This is a critical concern, indicating potential vulnerabilities where user-supplied data could be used in a harmful way. The lack of nonce checks and capability checks further exacerbates this risk, as there are no built-in mechanisms to verify user authentication or authorization for these critical data flows. Although the plugin demonstrates good practices in output escaping and a reasonable percentage of SQL queries using prepared statements, these strengths are overshadowed by the identified taint issues and the lack of essential security checks on its primary entry points.

In conclusion, while the absence of past vulnerabilities is a positive sign, the current static analysis highlights significant security weaknesses in tuyul-ninja v1.2.0. The high number of unprotected AJAX handlers, coupled with high-severity unsanitized taint flows and a complete absence of nonce and capability checks, creates a substantial risk. Remediation efforts should prioritize securing these AJAX handlers and addressing the identified taint vulnerabilities.

Key Concerns

  • Unprotected AJAX handlers
  • High severity taint flows
  • Unsanitized paths in taint flows
  • No nonce checks
  • No capability checks
  • SQL queries without prepared statements
Vulnerabilities
None known

Tuyul Ninja Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Tuyul Ninja Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 6 · 4 prepared
Unescaped Output: 3 · 22 escaped
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 2
Bundled Libraries: 0

SQL Query Safety

40% prepared · 10 total queries

Output Escaping

88% escaped · 25 total outputs
Data Flows
6 unsanitized

Data Flow Analysis

6 flows · 6 with unsanitized paths
get_trend_keyword (app\Controller\ContentTools.php:44)
Attack Surface
9 unprotected

Tuyul Ninja Attack Surface

Entry Points: 9
Unprotected: 9

AJAX Handlers 9

auth · wp_ajax_tuyul_save_ideas_as_draft · app\Controller\ContentTools.php:9
auth · wp_ajax_tuyul_get_trend_keyword · app\Controller\ContentTools.php:10
auth · wp_ajax_wpty_save_general_setting · app\Controller\TuyulSetting.php:13
auth · wp_ajax_wpty_get_processed_post · app\Controller\TuyulSetting.php:14
auth · wp_ajax_wpty_save_job · app\Controller\TuyulSetting.php:15
auth · wp_ajax_wpty_get_job · app\Controller\TuyulSetting.php:16
auth · wp_ajax_wpty_run_job · app\Controller\TuyulSetting.php:17
auth · wp_ajax_wpty_delete_job · app\Controller\TuyulSetting.php:18
auth · wp_ajax_wpty_delete_history · app\Controller\TuyulSetting.php:19

WordPress Hooks 3

action · send_post_to_blogger · app\Controller\TuyulCron.php:14
filter · cron_request · app\Controller\TuyulSetting.php:102
action · admin_menu · app\Includes\TuyulMenu.php:7

Scheduled Events 1

send_post_to_blogger
Maintenance & Trust

Tuyul Ninja Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.6.17
Last updated: Feb 26, 2021
PHP min version: 5.3
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

Tuyul Ninja Developer Profile

nusagates

2 plugins · 60 total installs

Trust score: 89
Avg Security Score: 93/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Tuyul Ninja

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/tuyul-ninja/resources/css/tuyul.css
/wp-content/plugins/tuyul-ninja/resources/js/tuyul.js
Script Paths
/wp-content/plugins/tuyul-ninja/vendor/bootstrap/js/bootstrap.bundle.min.js
/wp-content/plugins/tuyul-ninja/resources/js/tuyul.js
Version Parameters
tuyul-ninja/resources/css/tuyul.css?ver=
tuyul-ninja/resources/js/tuyul.js?ver=

HTML / DOM Fingerprints

CSS Classes
tuyul-ninja
Data Attributes
v-model, v-show
JS Globals
app