All In One Image Viewer Block – Gutenberg block to create image viewer with hyperlink Security & Risk Analysis

The "image-viewer" v1.0.5 plugin exhibits a generally positive security posture, with no immediate critical vulnerabilities detected through static analysis. The absence of dangerous functions, a complete reliance on prepared statements for SQL queries, and a strong percentage of properly escaped output are commendable practices. The plugin also appears to implement capability checks, indicating an awareness of access control. However, there are areas that warrant attention. The presence of an external HTTP request, while not analyzed for taint, represents a potential attack vector if not handled with extreme care. Furthermore, the lack of explicit nonce checks on the identified AJAX handler, although reported as protected by a capability check, is a minor concern that could be strengthened.

The vulnerability history reveals a past high-severity vulnerability, specifically SSRF, which was patched. The fact that the last vulnerability occurred in 2026-02-04 suggests it has been addressed, but the presence of past high-severity issues, particularly SSRF, is a red flag. This indicates a historical tendency for vulnerabilities in this plugin, and while none are currently unpatched, vigilance is still recommended. Overall, the plugin demonstrates good security practices in many areas, but the past high-severity vulnerability and the limited analysis of external requests suggest a need for continued monitoring and potential hardening of specific entry points.