Before After Image Comparison Slider for WPBakery Page Builder Security & Risk Analysis

The "before-after-image-comparison-slider-for-visual-composer" v2.0.2 plugin exhibits a generally positive security posture, with several good practices in place. Notably, it does not utilize raw SQL queries, opting for prepared statements, and shows a strong adherence to output escaping, with 77% of outputs being properly sanitized. The absence of any recorded historical vulnerabilities or CVEs also suggests a history of stable and secure development. However, there are significant concerns related to its attack surface, specifically the presence of unprotected AJAX handlers.

The analysis reveals 3 AJAX handlers, with 2 of them lacking authentication checks. This creates a substantial risk, as unauthenticated users could potentially interact with these handlers and trigger unintended or malicious actions. While the taint analysis shows no critical or high-severity unsanitized flows, the lack of authorization on these entry points could still lead to various security issues depending on the functionality of those AJAX handlers. The plugin also has a single nonce check, which is positive, but the lack of capability checks on any entry points is a weakness that compounds the risk of unprotected AJAX handlers.

In conclusion, the plugin demonstrates strengths in its database interaction and output sanitization, and its lack of past vulnerabilities is reassuring. However, the presence of unprotected AJAX handlers represents a critical weakness that significantly elevates the risk profile. This area requires immediate attention to ensure proper authentication and authorization mechanisms are implemented to protect against potential exploitation.