WP Business Intelligence Lite Security & Risk Analysis
wordpress.org/plugins/wp-business-intelligence-liteDynamic web charts and tables for your site! Connect to your live WordPress instance DB to retrieve data in real-time and update charts and tables!
Is WP Business Intelligence Lite Safe to Use in 2026?
Critical Risk — Avoid
Score 18/100WP Business Intelligence Lite is critically unsafe with 4 known CVEs, 2 still unpatched. Avoid in production.
The wp-business-intelligence-lite plugin v3.2.0 exhibits a mixed security posture. On the positive side, it demonstrates strong practices in preventing SQL injection by utilizing prepared statements for all its SQL queries and has no known unpatched vulnerabilities currently. The absence of a large attack surface through AJAX, REST API, or shortcodes is also a strength, indicating limited direct user interaction points. However, significant concerns arise from the static analysis. The presence of the `unserialize` function is a critical risk, as it can lead to remote code execution if untrusted data is unserialized. Furthermore, the taint analysis highlights a high-severity flow with unsanitized paths, suggesting a potential for vulnerabilities if this flow is exposed to user input. The very low percentage of properly escaped output (9%) is a major red flag, indicating a high likelihood of cross-site scripting (XSS) vulnerabilities, especially considering the large number of output operations. The plugin's historical vulnerability types (SQL Injection, Unrestricted File Upload) and the last known vulnerability in 2015, while patched, suggest past security oversights.
While the plugin's SQL query handling is excellent and it currently has no unpatched CVEs, the static analysis reveals critical potential vulnerabilities. The `unserialize` function, combined with a high-severity unsanitized taint flow and a pervasive lack of output escaping, creates a substantial risk profile for XSS and potential remote code execution. The historical vulnerabilities, though patched, hint at a past pattern of less robust security development. Therefore, despite some good security practices, the identified risks in the current version necessitate careful consideration.
Key Concerns
- Unsanitized path taint flow (High Severity)
- Use of unserialize function
- Low percentage of properly escaped output (9%)
- No nonce checks
- No capability checks
- Bundled library (DataTables) might be outdated
WP Business Intelligence Lite Security Vulnerabilities
CVEs by Year
Severity Breakdown
4 total CVEs
WP Business Intelligence Lite <= 3.2.0 - Missing Authorization
WP Business Intelligence Lite <= 3.2.0 - Authenticated (Subscriber+) Missing Authorization to Privilege Escalation via Arbitrary SQL Modification
WP Business Intelligence Lite <= 1.6.2 - SQL Injection
WP Business intelligence lite < 1.3 - Arbitrary File Upload
WP Business Intelligence Lite Release Timeline
WP Business Intelligence Lite Code Analysis
Dangerous Functions Found
Bundled Libraries
SQL Query Safety
Output Escaping
Data Flow Analysis
WP Business Intelligence Lite Attack Surface
WordPress Hooks 10
Maintenance & Trust
WP Business Intelligence Lite Maintenance & Trust
Maintenance Signals
Community Trust
WP Business Intelligence Lite Alternatives
SQL Chart Builder
sql-chart-builder
Turn Your SQL Queries to Beautiful Dynamic Charts- Pie, Line, Area, Donut, Bar Charts with date/input filters.
Display SQL Stats
display-sql-stats
! ! ! S T I L L B E T A ! ! !
My Tables
my-tables
Displays table information of your WordPress Database.
Explore Wp Database
explore-wp-database
View the content of your mysql tables in a easy way.
Database Backup for WordPress
wp-db-backup
Database Backup for WordPress is your one-stop database backup solution for WordPress.
WP Business Intelligence Lite Developer Profile
3 plugins · 70 total installs
How We Detect WP Business Intelligence Lite
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/wp-business-intelligence-lite/chartjs/dist/Chart.min.js/wp-content/plugins/wp-business-intelligence-lite/css/wpbi-admin-styles.css/wp-content/plugins/wp-business-intelligence-lite/css/wpbi-public-styles.css/wp-content/plugins/wp-business-intelligence-lite/js/wpbi-admin.js/wp-content/plugins/wp-business-intelligence-lite/js/wpbi-public.js/wp-content/plugins/wp-business-intelligence-lite/chartjs/dist/Chart.min.js/wp-content/plugins/wp-business-intelligence-lite/js/wpbi-admin.js/wp-content/plugins/wp-business-intelligence-lite/js/wpbi-public.jswp-business-intelligence-lite/chartjs/dist/Chart.min.js?ver=wp-business-intelligence-lite/css/wpbi-admin-styles.css?ver=wp-business-intelligence-lite/css/wpbi-public-styles.css?ver=wp-business-intelligence-lite/js/wpbi-admin.js?ver=wp-business-intelligence-lite/js/wpbi-public.js?ver=HTML / DOM Fingerprints
wpbi-admin-wrapwpbi-chart-preview<!-- WPBI_LOADER_START --><!-- WPBI_LOADER_END --><!-- WPBI_CHART_END -->data-wpbi-chart-iddata-wpbi-chart-typedata-wpbi-chart-dataset-countdata-wpbi-chart-optionsWPBI_AdminWPBI_PUBLIC[wpbi_charts]