Entro WordPress Coming Soon per post/page or global Security & Risk Analysis

The plugin 'entro-coming-soon-per-postpage-or-global' v1.0.2 demonstrates a mixed security posture. While it shows strong adherence to secure coding practices by not utilizing dangerous functions, performing all SQL queries with prepared statements, and having no file operations or external HTTP requests, several concerning areas exist. The extremely low percentage of properly escaped output (4%) suggests a high likelihood of cross-site scripting (XSS) vulnerabilities. Furthermore, the presence of two taint flows with unsanitized paths, although not categorized as critical or high severity, warrants careful investigation as they indicate potential pathways for malicious input to be processed without adequate sanitization. The complete absence of recorded vulnerabilities in its history is a positive sign, suggesting a generally stable codebase or diligent maintenance. However, the limited number of identified code signals and entry points might also mean the plugin has a minimal feature set, thus a smaller attack surface to exploit. Overall, the plugin's strengths lie in its lack of direct attack vectors like AJAX or REST API endpoints and its secure SQL handling, but the significant lack of output escaping is a major weakness that could expose users to considerable risk.