Mercantor Security & Risk Analysis

The 'mercantor' plugin v1.2.0 presents a mixed security posture. While it demonstrates strong practices in code sanitation, with a very high percentage of SQL queries using prepared statements and a near-perfect rate of output escaping, significant concerns arise from its attack surface. All 13 identified REST API routes lack permission callbacks, meaning they are accessible and potentially executable by any user, regardless of their role or logged-in status. This creates a substantial risk of unauthorized actions or data exposure through these unprotected endpoints.

The absence of known vulnerabilities in its history is a positive indicator, suggesting that developers may be proactive or that the plugin has not been a target. However, this cannot overshadow the immediate risks posed by the exposed REST API. The plugin also has a single cron event, which, while not explicitly stated as unprotected, warrants scrutiny to ensure it doesn't become an additional attack vector if not properly secured. The presence of nonce checks and capability checks, though limited in number, suggests an awareness of security principles, but their implementation is not comprehensive enough to mitigate the risks of the open REST API.

In conclusion, 'mercantor' v1.2.0 exhibits excellent code hygiene regarding SQL and output handling. However, the plugin's security is severely compromised by a large, unprotected attack surface primarily consisting of REST API endpoints. The lack of authentication and authorization on these points is the most critical finding and represents a significant security weakness that attackers could exploit. Despite a clean vulnerability history, the inherent design flaw in exposing these endpoints makes the plugin a high-risk component until these are properly secured.