Duplicate Page or Post, Delete Revisions and Enable Classic Editor Security & Risk Analysis

The "duplicate-del-revisions-classic-editor" plugin v1.0.2 presents a mixed security posture. On the positive side, it demonstrates excellent output escaping practices, with 100% of outputs being properly escaped, and it contains no dangerous functions, file operations, or external HTTP requests. The absence of any known vulnerabilities in its history is also a strong indicator of past secure development. However, a significant concern arises from its attack surface, which includes two AJAX handlers, both of which lack authentication checks. This means any user, even an unauthenticated one, could potentially trigger these functions, leading to unintended consequences or information disclosure depending on their implementation. The plugin also uses one SQL query without prepared statements, which, while not critical on its own without further context, always carries a risk of SQL injection if not handled with extreme care. Overall, while the plugin avoids common pitfalls like unescaped output and dangerous functions, the unprotected AJAX endpoints represent a notable security weakness that requires immediate attention.