Campaign Monitor Add-On for FormCraft Security & Risk Analysis

The 'campaign-monitor-for-formcraft' v1.2 plugin exhibits a concerning security posture primarily due to a significant lack of authentication and authorization checks on its entry points. With three AJAX handlers identified and none protected by authentication mechanisms, any unauthenticated user can potentially trigger these functions. This creates a substantial attack surface, even without any known critical vulnerabilities from static analysis or historical data.

While the plugin demonstrates good practices by using prepared statements for all its SQL queries and appears to have no recorded vulnerabilities in its history, these strengths are heavily overshadowed by the identified security flaws. The absence of nonce checks and capability checks on AJAX actions, coupled with the fact that 0% of its outputs are properly escaped, indicates a high risk of Cross-Site Scripting (XSS) and other injection attacks. The plugin's limited attack surface (only AJAX handlers) is a minor mitigating factor, but the lack of protection on these handlers makes them prime targets. The absence of taint analysis findings suggests that current static analysis tools didn't find any obvious critical flows, but this is less reassuring given the other identified weaknesses.

In conclusion, despite a clean vulnerability history and secure SQL practices, the 'campaign-monitor-for-formcraft' v1.2 plugin is rated as high risk. The critical oversight in securing its AJAX handlers presents a clear and present danger of unauthorized execution and potential data compromise. The lack of output escaping further amplifies the XSS risk. Remediation should focus on implementing robust authentication and authorization for all AJAX actions and ensuring proper output sanitization.