FontIran Font Changer Security & Risk Analysis

The 'fontiran-font-changer' v3 plugin exhibits several concerning security practices, despite a clean vulnerability history. The primary risk stems from its two AJAX handlers, both of which lack authentication checks. This creates a significant attack surface where unauthorized users could potentially trigger malicious actions. While the plugin uses prepared statements for SQL queries and has some nonce and capability checks, the absence of proper authorization for its AJAX endpoints is a critical oversight.

The taint analysis reveals flows with unsanitized paths, although these did not reach a critical or high severity in the static analysis. This suggests a potential for path traversal or other file manipulation vulnerabilities if these flows are combined with the unprotected AJAX endpoints. The low percentage of properly escaped output is another area of concern, increasing the risk of Cross-Site Scripting (XSS) vulnerabilities.

While the plugin has no recorded vulnerabilities, this could be due to a lack of thorough auditing or that the existing weaknesses have not yet been exploited or discovered. The combination of an exposed attack surface and inadequate output escaping presents a notable security risk. The strengths lie in its use of prepared SQL statements and some (though insufficient) authentication checks. However, the unprotected AJAX handlers and poor output escaping are major weaknesses that need immediate attention.