BST share iT Security & Risk Analysis

The "bst-share-it" v1.0.9 plugin exhibits a mixed security posture. On the positive side, the static analysis reveals a remarkably small attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events that are accessible without authentication. Furthermore, the plugin has no recorded vulnerability history, indicating a lack of publicly disclosed security flaws. This absence of past issues can be a positive indicator of developer diligence.

However, there are several concerning signals within the code. The use of the `create_function` is a significant red flag, as it is deprecated and can lead to security vulnerabilities if not handled with extreme care, potentially allowing for code injection. The SQL query handling is also suboptimal, with only 50% of queries using prepared statements, leaving the other half vulnerable to SQL injection. Additionally, a very low percentage (20%) of output is properly escaped, which presents a high risk of Cross-Site Scripting (XSS) vulnerabilities across various output points. The taint analysis, while limited, did identify a flow with unsanitized paths, which warrants attention despite not being classified as critical or high severity at this time.

In conclusion, while the plugin's attack surface and historical vulnerability record are strengths, the presence of `create_function`, a high rate of unescaped output, and partially unsanitized SQL queries represent significant weaknesses that could be exploited. These code-level concerns outweigh the apparent lack of public vulnerabilities and the small attack surface, suggesting that the plugin should be treated with caution and that these specific code issues need to be addressed.