Category Ajax Chain Selects Security & Risk Analysis

The plugin "category-ajax-chain-selects" version 3.7 presents a significant security concern due to its unprotected AJAX handlers. The static analysis reveals two AJAX handlers, both of which lack any form of authentication or authorization checks. This creates a direct attack vector where any user, including unauthenticated ones, can trigger these functions. While the plugin demonstrates good practices in avoiding dangerous functions and using prepared statements for SQL queries, the absence of output escaping on all detected outputs is a critical weakness. This could lead to cross-site scripting (XSS) vulnerabilities if any data processed by these handlers is reflected back to the user without proper sanitization. The plugin's vulnerability history is clean, with no recorded CVEs. This might suggest a lack of targeted attacks or that potential vulnerabilities have not been discovered or reported. However, the identified weaknesses in the current version, specifically the unprotected AJAX entry points and lack of output escaping, pose a substantial risk despite the absence of past vulnerabilities. The overall security posture is weakened by these critical oversights.