Bridge Addons for Beaver Builder Security & Risk Analysis

The "bridge-addons" plugin v1.2.0 exhibits a generally strong security posture based on the provided static analysis. The absence of any identified AJAX handlers, REST API routes, shortcodes, or cron events with unprotected entry points suggests a limited attack surface. Furthermore, the lack of dangerous functions, file operations, external HTTP requests, and the exclusive use of prepared statements for SQL queries are positive indicators of secure coding practices. The plugin also has no recorded vulnerability history, which is a significant strength.

However, a notable concern arises from the very low percentage (13%) of properly escaped output. With 304 total outputs analyzed, this means a substantial number of outputs are likely unescaped, presenting a risk of Cross-Site Scripting (XSS) vulnerabilities. The complete absence of nonce checks and capability checks across all entry points is also a significant security weakness, as it means that any exposed functionality could potentially be abused without proper authorization or verification. The zero taint analysis results are positive, but the lack of capability/nonce checks could lead to issues not detected by this specific analysis type.

In conclusion, while the plugin benefits from a small attack surface and sound SQL handling, the prevalent unescaped output and the complete lack of nonces and capability checks represent critical areas for improvement. These omissions leave the plugin vulnerable to XSS and unauthorized actions, despite the lack of historical CVEs or detected taint flows.