Add To Menus Lite Security & Risk Analysis

The add-to-menus-lite plugin v0.1 exhibits significant security concerns due to its unprotected entry points. The static analysis reveals two AJAX handlers, both lacking authentication checks, presenting a direct pathway for potential attackers to interact with the plugin's functionality. While the plugin avoids dangerous functions, file operations, and external HTTP requests, this is overshadowed by the critical absence of security measures on its primary interaction points. The limited number of SQL queries and a moderate rate of output escaping are positive indicators, but they do not mitigate the risks introduced by the open AJAX endpoints. The plugin's vulnerability history shows a clean slate, with no recorded CVEs. This could indicate either a lack of focused security auditing on this version or that past development practices were more robust. However, the current analysis of v0.1 suggests that relying solely on the absence of past vulnerabilities is insufficient, given the evident weaknesses in its attack surface. Overall, while the plugin has a low historical vulnerability count, the current static analysis points to a concerning security posture due to unprotected AJAX handlers, demanding immediate attention.