Cost Calculator for Contact Form 7 – Price Calculator Free Security & Risk Analysis

The "cf7-cost-calculator-price-calculation" plugin v10.1.3 exhibits a generally good security posture based on the provided static analysis. The plugin has a minimal attack surface, with only one AJAX handler and no direct REST API routes, shortcodes, or cron events exposed. Importantly, the single AJAX handler appears to have authentication checks, and there are no unauthenticated entry points identified. The code also demonstrates good practices with 100% of SQL queries using prepared statements and a high percentage of output being properly escaped (92%). The absence of dangerous functions, file operations, and critical or high-severity taint analysis results further contribute to a positive security assessment. The plugin's vulnerability history is also clean, with no recorded CVEs, indicating a mature and well-maintained codebase. However, the presence of two external HTTP requests warrants careful review to ensure these do not introduce supply chain risks or expose sensitive data. Additionally, while a nonce check is present, the absence of capability checks on the AJAX handler is a potential weakness. Despite these minor concerns, the overall security of this plugin appears robust.