Accept SagePay Payments Using Contact Form 7 Security & Risk Analysis

The 'accept-sagepay-payments-using-contact-form-7' plugin version 2.2 exhibits a mixed security posture, with some strengths but significant concerns. On the positive side, the plugin demonstrates good practices with 100% of its SQL queries using prepared statements and a high percentage (80%) of outputs being properly escaped. It also has no file operations or external HTTP requests, which reduces certain attack vectors. However, the plugin has a concerningly small attack surface that is entirely unprotected. Both of its AJAX handlers lack authentication checks, making them direct entry points for attackers. The presence of the `unserialize` function is a red flag, especially when coupled with the analysis showing flows with unsanitized paths, although the taint analysis did not flag any critical or high-severity issues in this specific version. The vulnerability history, while currently showing no unpatched issues, includes a medium severity vulnerability in the past categorized as 'Exposure of Sensitive Information to an Unauthorized Actor,' which aligns with the potential risks posed by unprotected AJAX endpoints and the use of `unserialize` without proper input validation. The plugin's strengths in SQL and output handling are overshadowed by the critical lack of authorization on its AJAX endpoints, presenting a clear and immediate risk.