FormCraft – Form Builder Security & Risk Analysis

The "formcraft-form-builder" plugin version 1.2.11 exhibits a mixed security posture. On the positive side, the static analysis reveals a robust use of prepared statements for all SQL queries and a high percentage of properly escaped outputs. Furthermore, all identified AJAX and REST API entry points have checks in place, indicating good practices in handling user interactions and preventing direct unauthenticated access. The absence of external HTTP requests and bundled libraries further reduces potential attack vectors.

However, several concerns warrant attention. The taint analysis indicates three flows with unsanitized paths, specifically marked as high severity. While these are not currently marked as critical, unsanitized paths can be a precursor to vulnerabilities if not addressed. Compounding this, the plugin has a significant history of known vulnerabilities, with 10 CVEs recorded, including 2 critical and 2 high severity issues in the past. Although none are currently unpatched, this history of diverse and severe vulnerability types (including Missing Authorization, XSS, SSRF, CSRF, and SQL Injection) suggests a pattern of insecure coding practices in previous versions. This indicates a potential for new vulnerabilities to emerge in future updates if diligent security practices are not maintained.

In conclusion, while version 1.2.11 demonstrates improvements in specific areas like SQL querying and output escaping, the presence of high-severity unsanitized paths and the plugin's extensive history of critical and high-severity vulnerabilities necessitate a cautious approach. The risk is moderate, primarily driven by the potential for undiscovered vulnerabilities stemming from past patterns and the identified taint flows.