Did Prestashop Display – Show Prestashop products in your WordPress Security & Risk Analysis

The "did-prestashop-display" plugin v1.0.30 presents a mixed security posture. On the positive side, the static analysis reveals a small attack surface with only one entry point (a shortcode) and no identified dangerous functions or raw SQL queries. File operations are also absent, and external HTTP requests are limited to one. However, significant concerns arise from the extremely low percentage of properly escaped output (2%), indicating a high likelihood of Cross-Site Scripting (XSS) vulnerabilities. The absence of nonce and capability checks across all entry points further exacerbates this risk, leaving the plugin vulnerable to various attacks, particularly Cross-Site Request Forgery (CSRF) which is a known issue in its history.

The vulnerability history is a critical red flag. The presence of one unpatched medium severity CVE, historically linked to CSRF, combined with the code analysis findings of missing nonces and capability checks, strongly suggests that the plugin has recurring security weaknesses. While the plugin avoids some common pitfalls like raw SQL and dangerous functions, the critical lack of output escaping and authorization checks on its sole entry point makes it a significant risk. Users should be highly cautious and prioritize patching or finding an alternative if possible.