NS WordPress Custom Alert Popup Box Security & Risk Analysis

The plugin "ns-custom-alert-popup-box" v1.7.3 exhibits a concerning security posture, primarily due to a significant lack of authentication and capability checks on its entry points. While the plugin demonstrates good practices in its handling of SQL queries and avoidance of dangerous functions, the presence of two unprotected AJAX handlers exposes a substantial attack surface. This means that any unauthenticated user could potentially interact with these handlers, leading to unintended consequences or further exploitation if malicious input is provided.

The taint analysis, while not revealing critical or high severity vulnerabilities, did identify two flows with unsanitized paths. Combined with the unprotected AJAX endpoints, this raises a red flag. Although no direct vulnerabilities were found in the taint analysis, the combination of these factors suggests a potential for privilege escalation or cross-site scripting (XSS) if an attacker can leverage the unsanitized paths through the exposed AJAX handlers.

The plugin's vulnerability history is clean, with no recorded CVEs. This is a positive indicator and suggests that in the past, the plugin has not been a target for major exploits or has been effectively patched. However, the lack of past vulnerabilities does not negate the current risks identified in the static analysis. The absence of proper authorization and sanitization on its entry points is a fundamental security weakness that needs immediate attention. While the plugin's SQL usage and lack of bundled libraries are strengths, the unprotected AJAX endpoints and potential for unsanitized data flows present a significant risk that could be exploited.