Alert Box Block – Display Custom Alerts and Messages Security & Risk Analysis

The alert-box-block plugin version 2.0.0 demonstrates a generally strong security posture based on the static analysis. The absence of any detected dangerous functions, unsanitized taint flows, raw SQL queries, file operations, or external HTTP requests is commendable. The presence of nonce and capability checks, along with proper output escaping for all detected outputs, indicates adherence to good WordPress security practices. However, the plugin's vulnerability history is a significant concern. With two previously disclosed medium-severity cross-site scripting (XSS) vulnerabilities, the plugin has a documented track record of security flaws. The fact that the last vulnerability was in March 2025, and is listed as 'currently unpatched' (though this might be an anomaly in the data, as there are 0 currently unpatched CVEs), warrants careful consideration. This history suggests that while the current version might be cleaner, past issues might indicate underlying development practices that could lead to future vulnerabilities.