ActiveCampaign – The autonomous marketing platform Security & Risk Analysis

The 'activecampaign-subscription-forms' plugin, version 8.1.21, presents a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and avoids dangerous functions, file operations, and bundled libraries. The taint analysis shows no critical or high severity unsanitized flows, which is a strong indicator of secure code handling of user input concerning these specific areas.

However, significant concerns arise from the attack surface and output escaping. The plugin exposes two AJAX handlers without authentication checks, creating a direct pathway for unauthenticated users to interact with potentially sensitive backend functionality. Furthermore, a very low percentage (7%) of outputs are properly escaped, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities. The vulnerability history, with 4 medium severity CVEs in the past, including SSRF, XSS, and CSRF, further reinforces the susceptibility to these types of attacks, even though none are currently unpatched.

In conclusion, while the plugin avoids some common pitfalls like raw SQL and dangerous functions, the combination of unprotected entry points and widespread output escaping issues creates a substantial risk of XSS and unauthorized actions. The historical prevalence of medium severity vulnerabilities in common web attack vectors warrants careful attention and ongoing monitoring.