Kanpress Security & Risk Analysis

The "kanpress" v1.1 plugin exhibits a mixed security posture. On the positive side, the code analysis indicates no dangerous functions, file operations, or external HTTP requests, and all SQL queries utilize prepared statements, which are strong indicators of secure coding practices in these areas. The presence of capability checks also suggests some attempt to enforce user permissions.

However, significant concerns arise from the output escaping and taint analysis. A low percentage (26%) of outputs are properly escaped, leaving a substantial portion potentially vulnerable to Cross-Site Scripting (XSS) attacks. This is further corroborated by the taint analysis, which found flows with unsanitized paths, although thankfully none of critical or high severity. The complete lack of nonce checks and the limited capability checks on the identified entry points are also weaknesses, as they could allow for unauthorized actions if an attacker can inject malicious code or exploit other vulnerabilities.

The vulnerability history is a critical red flag. The plugin has a known, unpatched medium severity CVE related to Cross-site Scripting. The fact that this vulnerability is recent (August 2025) and still unaddressed, coupled with the output escaping issues identified in the static analysis, strongly suggests that the developers may not be actively monitoring or promptly addressing security flaws. This historical pattern, combined with the static analysis findings, points to a need for urgent attention to secure this plugin.