Doubly – Cross Domain Copy Paste for WordPress Security & Risk Analysis

The 'doubly' plugin v1.0.47 exhibits a mixed security posture. On the positive side, it demonstrates strong adherence to secure coding practices by utilizing prepared statements for all SQL queries and including a nonce check and capability check. The static analysis reveals no apparent direct entry points like AJAX handlers, REST API routes, or shortcodes that are unprotected, indicating a generally well-defined attack surface. However, significant concerns arise from the presence of two dangerous functions, 'unserialize' and 'assert'. The taint analysis, while showing no critical or high severity flows, does highlight three flows with unsanitized paths, suggesting potential avenues for injection if these paths are not adequately handled upstream. The vulnerability history is particularly concerning, with one known high severity CVE related to 'Deserialization of Untrusted Data'. The fact that this vulnerability is listed with a future date suggests a potential recurring issue or an oversight in tracking. This, coupled with the presence of 'unserialize', points to a high risk of deserialization vulnerabilities if user-supplied data is not rigorously validated before being processed by the 'unserialize' function.

In conclusion, while 'doubly' v1.0.47 has a low immediate attack surface and employs good practices in SQL and nonce handling, the use of 'unserialize' and 'assert', along with its past high-severity deserialization vulnerability, presents a substantial risk. The three unsanitized paths identified in taint analysis further amplify this risk. Developers should prioritize auditing and sanitizing all data passed to 'unserialize' and 'assert', and thoroughly investigate the root cause of the past deserialization vulnerability to prevent recurrence.