AviaSales поиск авиабилетов Security & Risk Analysis

The aviasalesru-search-widget plugin v2.0.4 exhibits a mixed security posture. On the positive side, there are no identified CVEs, and the plugin demonstrates good practices regarding SQL query preparation, with all queries using prepared statements. Furthermore, the attack surface appears minimal, with no exposed AJAX handlers, REST API routes, shortcodes, or cron events that are unprotected. Taint analysis also reveals no significant vulnerabilities.

However, significant concerns arise from the static code analysis. The presence of the `create_function` function is a clear indicator of potential security risks, as it can lead to arbitrary code execution if not handled with extreme care, especially if user-supplied data is involved. More critically, the fact that 0% of the 91 output points are properly escaped is a major vulnerability. This means that any dynamic content displayed by the plugin is susceptible to Cross-Site Scripting (XSS) attacks, allowing attackers to inject malicious scripts into users' browsers.

Given the absence of historical vulnerabilities and the limited attack surface, the plugin might not have been a target for exploitation. However, the identified code-level weaknesses, particularly the unescaped output and the use of `create_function`, present tangible security risks that could be exploited if a suitable attack vector were discovered or created. The plugin's strengths lie in its SQL handling and limited entry points, but these are overshadowed by the critical unescaped output issue and the risky use of `create_function`.