NS Custom Add To Cart Button For Woocommerce Security & Risk Analysis

The "ns-custom-add-to-cart-button-for-woocommerce" plugin, version 1.2.4, presents a moderate security risk due to several concerning findings in its static analysis. While the plugin demonstrates good practices by avoiding dangerous functions, performing all SQL queries using prepared statements, and having no recorded vulnerability history, its attack surface is notably exposed. It features two AJAX handlers, both of which lack authentication checks, creating a direct entry point for unauthenticated users. Furthermore, a significant portion of its output (85%) is not properly escaped, potentially leading to cross-site scripting (XSS) vulnerabilities if malicious data is processed through these outputs. The taint analysis also identified two flows with unsanitized paths, indicating potential for directory traversal or other path-based attacks, although these were not classified as critical or high severity. The complete absence of nonce checks and capability checks on its AJAX endpoints exacerbates these risks, making it easier for attackers to trigger unintended actions. While the lack of known CVEs is a positive sign, the identified vulnerabilities in the code analysis suggest a need for immediate attention to secure the plugin's entry points and output handling.