BMLT Tabbed Map Security & Risk Analysis

The "bmlt-tabbed-map" plugin v1.2.1 exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices by utilizing prepared statements for all SQL queries and properly escaping all output, indicating a strong defense against common injection and XSS vulnerabilities that stem from direct database manipulation or improper output handling. The absence of file operations and external HTTP requests also reduces its attack surface in those areas.

However, significant concerns arise from the identified attack surface. The plugin exposes two AJAX handlers without any authentication or capability checks. This is a critical weakness, as any unauthenticated user could potentially trigger these handlers, leading to unintended actions or information disclosure. While the static analysis did not reveal any critical or high severity taint flows, the presence of unsanitized entry points for AJAX requests presents a substantial risk that could be exploited if these handlers perform sensitive operations.

The plugin's vulnerability history reveals one known medium severity CVE related to Cross-Site Scripting, which was recently patched. While the absence of currently unpatched vulnerabilities is a good sign, the past occurrence of an XSS vulnerability, even if medium, highlights a potential area of weakness. The combination of unprotected AJAX endpoints and past XSS issues suggests a need for more robust input validation and authorization mechanisms to secure all entry points.