Accredible LearnDash Add-on Security & Risk Analysis

The 'accredible-learndash-add-on' plugin v1.0.16 exhibits a mixed security posture. On the positive side, it demonstrates good practices regarding SQL queries, utilizing prepared statements exclusively, and generally performs output escaping effectively with a high percentage of properly escaped outputs. The absence of known CVEs and bundled libraries is also a positive indicator of its current security state. However, a significant concern arises from the substantial attack surface composed of seven AJAX handlers, all of which are unprotected by authentication checks. Furthermore, the taint analysis revealed one flow with unsanitized paths, though it was not classified as critical or high severity. This indicates a potential for attackers to manipulate certain functionalities if they can trigger these unsanitized paths.

While the plugin has no reported vulnerability history, the presence of unprotected AJAX handlers and an unsanitized path flow warrants attention. These are common entry points for vulnerabilities. The lack of capability checks across the board, in addition to the missing authentication checks on AJAX actions, further exacerbates the risk. In conclusion, the plugin has foundational security elements in place like prepared SQL statements and good output escaping. However, the unprotected AJAX endpoints and the identified unsanitized path represent critical weaknesses that could be exploited, leading to unauthorized actions or information disclosure. Addressing these unprotected entry points should be a priority.