Easy Basic Authentication – Add basic auth to site or admin area Security & Risk Analysis

The "easy-basic-authentication" plugin v3.9.1 exhibits significant security concerns despite a clean vulnerability history. The static analysis reveals a considerable attack surface with two AJAX handlers, both of which lack any authentication checks. This represents a direct pathway for unauthenticated users to interact with potentially sensitive plugin functionality. Furthermore, all SQL queries within the plugin are not using prepared statements, increasing the risk of SQL injection vulnerabilities. The taint analysis also highlights two flows with unsanitized paths, indicating potential for insecure handling of user-supplied data. While there are no recorded CVEs for this plugin, the presence of these critical code-level weaknesses suggests a proactive security review and patching process has been lacking. The plugin's strengths lie in the absence of dangerous functions, file operations, and external HTTP requests, along with proper output escaping for a majority of outputs. However, the lack of nonce and capability checks on its entry points is a major oversight.