Extra Amount Option For WooCommerce Checkout (BASIC) Security & Risk Analysis

The "extra-amount-on-checkout" plugin v1.1.9 exhibits a concerning security posture primarily due to its unprotected AJAX handlers. While the code shows good practices in other areas, such as using prepared statements for all SQL queries and properly escaping all output, the presence of four AJAX handlers lacking any form of authentication or capability checks creates a significant attack surface. This means any user, regardless of their logged-in status or role, could potentially trigger these functions, leading to unintended actions within WordPress.

The static analysis did not reveal any dangerous functions, file operations, or external HTTP requests, and the taint analysis found no vulnerabilities. Furthermore, the plugin has no recorded vulnerability history, which suggests a generally stable past. However, the absence of nonce checks on these unprotected AJAX handlers is a critical oversight, as it leaves them vulnerable to Cross-Site Request Forgery (CSRF) attacks. The plugin does have two capability checks, but their effectiveness is undermined by the lack of authentication on the majority of its entry points.

In conclusion, while the plugin demonstrates strengths in data handling and output sanitization, the unprotected AJAX endpoints represent a major security weakness. The lack of authentication and nonce checks on these critical entry points significantly increases the risk of exploitation. Until these handlers are properly secured, the plugin should be considered a security risk.