Ajax Login By WPH Security & Risk Analysis

The "ajax-login-by-wph" plugin v1.0.0 exhibits a concerning security posture primarily due to a large number of unprotected AJAX handlers. With 6 AJAX handlers identified and none of them including authentication checks, the plugin presents a significant attack surface for unauthorized actions. This lack of authorization is a critical vulnerability that could allow unauthenticated users to trigger plugin functionalities.

While the plugin does not have a history of publicly disclosed vulnerabilities (CVEs), its code analysis reveals other potential weaknesses. The presence of the `create_function` function is a signal for potential security risks, as it can be misused for code injection if not handled with extreme care. Furthermore, only 47% of output escaping is properly implemented, suggesting a risk of Cross-Site Scripting (XSS) vulnerabilities where user-supplied data might be rendered unescaped in the browser.

Despite the positive note of all SQL queries using prepared statements and the absence of file operations or external HTTP requests, the core issues of unprotected AJAX endpoints and insufficient output sanitization outweigh these strengths. The plugin's lack of nonce checks further exacerbates the AJAX handler vulnerability. The absence of known CVEs might indicate it hasn't been extensively audited or targeted, rather than inherent security. Overall, the plugin has significant security weaknesses that require immediate attention.