Qualified Electronic Signatures by eID Easy Security & Risk Analysis

The plugin "eid-easy-qualified-electronic-signature" version 3.3.1 exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices in SQL query handling, with 100% using prepared statements, and output escaping, with all outputs being properly escaped. The absence of critical or high-severity taint flows is also a strong indicator of secure coding in those areas. File operations and external HTTP requests are present but do not appear to introduce immediate risks based on the static analysis. However, significant concerns arise from the attack surface. The plugin exposes two AJAX handlers, both of which lack authentication checks, presenting a clear risk of unauthorized actions. The absence of nonce checks on these AJAX endpoints further exacerbates this issue, making them vulnerable to CSRF attacks.

The plugin's vulnerability history shows one known CVE, which has since been patched. The nature of the past vulnerability, "Use of Less Trusted Source," suggests a previous weakness that has been addressed. The fact that there are no currently unpatched vulnerabilities is a positive sign. Despite the secure handling of SQL and output, the unprotected AJAX endpoints represent a substantial security weakness. While the plugin has addressed past vulnerabilities and shows good internal code hygiene, the direct exposure of functionality without proper authorization checks is a significant oversight that could be exploited.