
NC Taxonomy Meta Security & Risk Analysis
wordpress.org/plugins/nc-taxonomy-meta
NC Taxonomy Meta allows you to add custom meta fields to your WordPress taxonomies.
Is NC Taxonomy Meta Safe to Use in 2026?
Generally Safe
Score 85/100
NC Taxonomy Meta has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "nc-taxonomy-meta" plugin version 1.0.2 presents a concerning security posture due to several significant vulnerabilities identified in the static analysis. While there are no known CVEs associated with this plugin, the code itself reveals critical areas of weakness. A primary concern is the presence of an unprotected AJAX handler, which represents a direct attack vector for unauthenticated users. Furthermore, the extensive use of raw SQL queries without prepared statements (100% of 12 queries) is a major risk, potentially leading to SQL injection vulnerabilities. The taint analysis also highlights two high-severity flows with unsanitized paths, indicating potential for privilege escalation or data manipulation if these paths are exploited.
While the plugin does implement one nonce check, the absence of capability checks on any entry points and the low percentage of properly escaped output (19%) are significant drawbacks. The lack of vulnerability history could indicate either a well-maintained plugin or simply a lack of prior security analysis. However, relying on the absence of historical vulnerabilities is not a robust security strategy. The plugin's strengths are its minimal attack surface in terms of entry points (excluding the unprotected AJAX handler) and the absence of file operations or external HTTP requests. Despite these few positives, the identified risks, particularly the unprotected AJAX handler and widespread use of raw SQL, require immediate attention and mitigation.
Key Concerns
- Unprotected AJAX handler
- 100% of SQL queries use raw SQL
- 2 high severity taint flows
- Low output escaping percentage (19%)
- No capability checks on entry points
NC Taxonomy Meta Security Vulnerabilities
NC Taxonomy Meta Code Analysis
SQL Query Safety
Output Escaping
Data Flow Analysis
NC Taxonomy Meta Attack Surface
- AJAX Handlers: 1
- WordPress Hooks: 5
NC Taxonomy Meta Maintenance & Trust
Maintenance Signals
Community Trust
NC Taxonomy Meta Alternatives
NC Taxonomy Meta Developer Profile
3 plugins · 100 total installs
How We Detect NC Taxonomy Meta
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/nc-taxonomy-meta/css/nc-taxonomy-meta.css
- /wp-content/plugins/nc-taxonomy-meta/js/nc-taxonomy-meta.js
- nc-taxonomy-meta/css/nc-taxonomy-meta.css?ver=
- nc-taxonomy-meta/js/nc-taxonomy-meta.js?ver=
HTML / DOM Fingerprints
- nc_taxonomy_meta_submit
- nc_taxonomy_nonce
- nc_taxonomy_meta_settings_page