All in one metadata Security & Risk Analysis

The 'all-in-one-metadata' v1.0.0 plugin exhibits a mixed security posture. While it lacks a history of known vulnerabilities and avoids dangerous functions, file operations, and external HTTP requests, several concerning aspects arise from the static analysis. A significant risk stems from the two AJAX handlers, both of which are unprotected by authentication checks, presenting a direct entry point for attackers. Furthermore, the taint analysis reveals a worrying number of flows with unsanitized paths, including four high-severity instances. This suggests that user-supplied data might not be adequately validated or sanitized before being processed, potentially leading to various injection attacks.

Despite the lack of documented CVEs, the presence of unprotected AJAX handlers and high-severity unsanitized taint flows indicates potential weaknesses that could be exploited. The plugin demonstrates some good practices, such as a reasonable percentage of SQL queries using prepared statements and the inclusion of nonce and capability checks. However, these are overshadowed by the direct exposure of AJAX endpoints and the identified taint issues. Overall, the plugin's security needs significant improvement to mitigate the identified risks, particularly concerning the unprotected AJAX endpoints and the handling of unsanitized data.