Emu2 – Email Users 2 Security & Risk Analysis

The emu2-email-users-2 plugin exhibits several concerning security weaknesses despite a seemingly small attack surface. The static analysis reveals a significant number of SQL queries with only 20% using prepared statements, indicating a high risk of SQL injection vulnerabilities. Furthermore, a critical finding is that 0% of output is properly escaped, which, combined with 6 out of 7 analyzed taint flows having unsanitized paths and 3 of those being high severity, strongly suggests a substantial risk of cross-site scripting (XSS) attacks. The absence of nonce checks on any entry points further exacerbates these risks by allowing unauthorized actions if an attacker can trigger these functionalities.

The vulnerability history, including a medium severity CVE related to XSS, corroborates the findings from the static analysis. The fact that this CVE is currently unpatched is a critical concern. While the plugin doesn't appear to have a large external attack surface in terms of unprotected entry points, the internal code quality regarding data sanitization and output escaping is a major point of failure. The presence of multiple capability checks suggests an awareness of access control, but this is undermined by the lack of fundamental security practices.

In conclusion, the emu2-email-users-2 plugin poses a significant security risk. The high prevalence of unsanitized taint flows, complete lack of output escaping, and unpatched XSS vulnerability are critical issues that require immediate attention. While the plugin has a limited number of exposed entry points, the internal code's susceptibility to injection and XSS attacks makes it a dangerous component to have active on a WordPress site.