Extensions Keep – Save, install and share your plugins with a single click Security & Risk Analysis

The "extensions-keep" v1.0.0 plugin exhibits a strong security posture based on the provided static analysis and vulnerability history. The absence of any identified CVEs and the plugin's clean vulnerability history suggest a commitment to security by its developers. The static analysis reveals no critical or high-severity issues. Notably, there are no exposed AJAX handlers, REST API routes, shortcodes, or cron events without authentication or proper checks, indicating a well-defined and protected attack surface. The code also shows good practices with 100% of SQL queries using prepared statements, a significant number of capability and nonce checks, and no file operations or external HTTP requests, which are common vectors for vulnerabilities.

While the overall security is commendable, a minor concern arises from the output escaping. With 66% of outputs properly escaped, there is still a 34% portion that is not, which could potentially lead to cross-site scripting (XSS) vulnerabilities if sensitive data is outputted without proper sanitization. However, the taint analysis found no flows with unsanitized paths, suggesting that even the unescaped outputs may not be immediately exploitable, or the data handled is not sufficiently sensitive to be a critical risk. The limited number of flows analyzed (4) means the coverage might not be exhaustive, but the lack of critical/high findings is reassuring.