Checkout Add-on for Woo OnePage – Lite Security & Risk Analysis

The "checkout-add-on-woo-onepage" plugin v0.9 exhibits a concerning security posture, primarily due to its unprotected entry points. While the plugin demonstrates good practices like using prepared statements for all SQL queries and a high percentage of properly escaped outputs, the presence of four AJAX handlers without any authentication or capability checks creates a significant attack surface. This means any user, including unauthenticated ones, could potentially interact with these AJAX endpoints and trigger unintended actions or reveal sensitive information. The absence of nonce checks on these AJAX handlers further exacerbates this risk, as it opens the door to Cross-Site Request Forgery (CSRF) attacks. The plugin's vulnerability history is clean, with no recorded CVEs, which is a positive sign. However, the current static analysis findings strongly suggest that the lack of security controls on its entry points is a major oversight that needs immediate attention to mitigate potential exploitation. The plugin's strengths lie in its careful handling of database queries and output, but these are overshadowed by the critical flaw of unprotected AJAX endpoints.