
BE – Main Category Selector Security & Risk Analysis
wordpress.org/plugins/be-main-category
Main Category Selector for WordPress 2.5+.
Is BE – Main Category Selector Safe to Use in 2026?
Generally Safe
Score 100/100
BE – Main Category Selector has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "be-main-category" v2.1.1 plugin exhibits significant security concerns despite a seemingly clean vulnerability history. The static analysis reveals a lack of critical security best practices. Notably, none of the SQL queries use prepared statements, and output escaping is completely absent. This means that any data inserted into or retrieved from the database could be vulnerable to SQL injection attacks, and user-supplied data displayed on the frontend is susceptible to cross-site scripting (XSS) attacks.
The taint analysis further highlights these risks, identifying two flows with unsanitized paths, both classified as high severity. This indicates potential pathways where untrusted data could be processed without proper sanitization, leading to exploitable vulnerabilities. The absence of nonce checks, capability checks, and authentication checks on all identified entry points (although zero entry points were identified in this case) also points to a general disregard for common WordPress security measures. While there are no known CVEs for this plugin, the internal code quality issues present a substantial risk that could easily lead to exploitable vulnerabilities.
In conclusion, while the plugin doesn't have a known history of public vulnerabilities, the static analysis strongly suggests a weak security posture. The lack of prepared statements for SQL queries and of proper output escaping, combined with high-severity taint flows, are critical red flags. Users of this plugin should be aware of the inherent risks of these coding practices, which create fertile ground for security vulnerabilities.
Key Concerns
- SQL queries not using prepared statements
- Output escaping is not used
- High severity taint flows found
- No nonce checks
- No capability checks
BE – Main Category Selector Security Vulnerabilities
BE – Main Category Selector Code Analysis
SQL Query Safety
Output Escaping
Data Flow Analysis
BE – Main Category Selector Attack Surface
WordPress Hooks 8
BE – Main Category Selector Maintenance & Trust
Maintenance Signals
Community Trust
BE – Main Category Selector Alternatives
No alternatives data available yet.
BE – Main Category Selector Developer Profile
4 plugins · 140 total installs
How We Detect BE – Main Category Selector
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
HTML / DOM Fingerprints
- dbx-box
- dbx-handle
- dbx-content
- <!-- WP 2.3 -->
- <!-- WP 2.5 -->
- <!-- Category Selector -->
- <!-- Load JS Code for Selector in Admin Pages -->
- id="maincategorydiv"
- class="dbx-box"
- class="dbx-handle"
- class="dbx-content"
- id="maincategorydiv"
- name="post_maincategory"
- mcsbe_selectedcategory