Customers who viewed this also viewed that – WooCommerce Security & Risk Analysis

Based on the static analysis, the "customers-who-viewed-this-also-viewed-that-woocommerce" v1.1 plugin exhibits an exceptionally clean security posture. There are no identified AJAX handlers, REST API routes, shortcodes, or cron events, significantly limiting the potential attack surface. Furthermore, the code analysis reveals no dangerous functions, all SQL queries utilize prepared statements, and all output is properly escaped. No file operations, external HTTP requests, or missing nonce/capability checks were detected, and there are no bundled libraries. The taint analysis also found no flows with unsanitized paths or any vulnerabilities.

The vulnerability history further reinforces this positive assessment, with zero recorded CVEs of any severity. This indicates a strong track record of security and diligence from the plugin's developers. The absence of any recorded vulnerabilities across its history suggests a well-maintained and secure codebase. While the lack of common entry points like AJAX, REST API, and shortcodes is a significant security strength, it's worth noting that the absence of any identified entry points at all (0 total entry points) is highly unusual and could potentially be an artifact of the analysis tools if the plugin, in fact, performs any user-facing functionality. However, assuming the analysis is comprehensive, this plugin appears to be remarkably secure.