Casso – Tự động xác nhận thanh toán chuyển khoản ngân hàng Security & Risk Analysis

The plugin "casso-tu-dong-xac-nhan-thanh-toan-chuyen-khoan-ngan-hang" v4.1.0 exhibits a mixed security posture. While it demonstrates good practices by utilizing prepared statements for all SQL queries and only one nonce check, significant concerns arise from its attack surface and output escaping. The presence of four AJAX handlers without authentication checks presents a substantial risk, as these can be accessed and potentially exploited by unauthenticated users.

The static analysis reveals a worrying trend in taint analysis, with three out of three flows showing unsanitized paths. Although no critical or high severity taint flows were identified, this indicates a potential for various vulnerabilities if the data within these flows is not properly handled. The high rate of improperly escaped output (44%) further exacerbates this risk, suggesting a strong possibility of Cross-Site Scripting (XSS) vulnerabilities.

Historically, the plugin has a known CVE, which was a medium severity Cross-site Scripting vulnerability. The fact that this vulnerability is currently patched is positive, but the pattern of past XSS vulnerabilities, coupled with the current high percentage of unescaped output, suggests that this could be a recurring issue. Overall, the plugin has strengths in its SQL handling but is significantly weakened by its unprotected AJAX endpoints and inadequate output sanitization, making it a moderate risk.