Child Height Predictor by Ostheimer Security & Risk Analysis

The child-height-predictor plugin v1.3 exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices by having no known vulnerabilities, no dangerous functions, and all SQL queries utilizing prepared statements. Additionally, there are no file operations or external HTTP requests, which reduces the potential attack surface. The limited attack surface of only one shortcode and no AJAX handlers or REST API routes is also a strong point.

However, a significant concern arises from the complete lack of output escaping. With 53 outputs and 0% properly escaped, this presents a high risk of Cross-Site Scripting (XSS) vulnerabilities. Any user-supplied data that is displayed by the plugin is vulnerable to injection. Furthermore, the absence of nonce checks and capability checks on the single shortcode means that it's potentially callable without proper authorization, although without any other exposed entry points like AJAX or REST API, the immediate impact is limited.

The plugin's vulnerability history is clean, with zero known CVEs. This, combined with the limited attack surface and responsible use of prepared statements, suggests a plugin that has historically been developed with some security awareness. However, the lack of output escaping is a critical oversight that needs immediate attention. The overall security posture can be described as having a small attack surface and clean history but a critical flaw in output handling.