Cloud Blocks Security & Risk Analysis

The "cloud-blocks" plugin v1.1.8 exhibits a concerning security posture due to a significant number of unprotected AJAX handlers. With 14 AJAX handlers identified and 12 of them lacking authentication checks, the plugin presents a large attack surface that could be exploited by unauthenticated users. This is a major weakness, as it allows for potentially unauthorized actions to be performed on the WordPress site.

While the static analysis did not reveal critical vulnerabilities like dangerous functions, SQL injection via unsanitized paths, or critical taint flows, the lack of proper authorization on a majority of its entry points is a significant risk. Furthermore, the complete absence of nonce checks and capability checks on these handlers exacerbates the potential for abuse. The SQL queries also raise concerns as 100% of them are not using prepared statements, which could lead to SQL injection vulnerabilities if not handled with extreme care within the plugin's logic. The output escaping is also mediocre, with only 60% of outputs properly escaped, increasing the risk of cross-site scripting (XSS) vulnerabilities.

The plugin's vulnerability history is a positive point, showing no recorded CVEs. This could indicate a history of responsible development or simply a lack of discovery due to limited adoption or prior scrutiny. However, the current static analysis findings, particularly the unprotected AJAX endpoints and the non-prepared SQL queries, create immediate and serious security risks that outweigh the clean vulnerability history. The plugin has strengths in not bundling libraries and not having critical taint flows, but these are overshadowed by the fundamental security flaws in its entry point handling and data querying.