Calculate Prices based on Distance For WooCommerce Security & Risk Analysis

The plugin "calculate-prices-based-on-distance-for-woocommerce" version 1.3.6 exhibits a mixed security posture. While it demonstrates good practices like using prepared statements for all SQL queries and has no known critical or high-severity vulnerabilities currently unpatched, there are significant concerns. A substantial portion of its attack surface, specifically 4 out of 7 AJAX handlers, lack authentication checks. This could allow unauthenticated users to trigger potentially sensitive actions within the plugin. The taint analysis reveals flows with unsanitized paths, although they are not classified as critical or high severity, they warrant attention as they indicate potential for unexpected behavior or data manipulation. Furthermore, the plugin has a history of vulnerabilities, particularly those related to missing authorization, suggesting a recurring area of weakness. The output escaping is also a concern, with only 38% of outputs being properly escaped, increasing the risk of cross-site scripting (XSS) vulnerabilities. Despite the absence of critical unpatched CVEs and sound SQL practices, the combination of unprotected AJAX endpoints, a history of authorization issues, and insufficient output escaping presents a notable risk that should be addressed.