Erident Custom Login and Dashboard Security & Risk Analysis

The 'erident-custom-login-and-dashboard' plugin v4.3 exhibits a mixed security posture. On the positive side, it demonstrates strong practices regarding SQL queries and output escaping, with 100% prepared statements and 98% properly escaped outputs, respectively. The presence of 6 nonce checks and 4 capability checks also indicates an effort to secure certain functionalities. However, significant concerns arise from the static analysis, specifically the presence of one AJAX handler without authentication checks, representing a direct, unprotected entry point. The taint analysis revealing two flows with unsanitized paths, while not classified as critical or high severity, still suggests potential avenues for exploitation if these paths lead to sensitive operations. The plugin's vulnerability history is a major red flag. With a total of three known CVEs, including two high-severity and one medium-severity, and the last one being in April 2021, it suggests a pattern of past security weaknesses. The common vulnerability types (XSS and CSRF) point to historical issues with input handling and request verification. While there are currently no unpatched CVEs, the track record indicates a higher likelihood of future vulnerabilities if the development practices don't evolve to address these historical patterns more proactively. In conclusion, while the plugin has some good security foundations, the unprotected AJAX handler, unsanitized taint flows, and a history of high and medium severity vulnerabilities present considerable risks that require attention.