External Links in New Window / New Tab Security & Risk Analysis

The 'open-external-links-in-a-new-window' plugin version 1.45 exhibits a strong security posture in its static analysis. It has zero identified entry points that are unprotected, no dangerous functions, and all SQL queries are properly prepared. Furthermore, all output is correctly escaped, and there are no file operations or external HTTP requests, suggesting a clean and contained codebase. The absence of any taint analysis findings reinforces this positive assessment, indicating no identifiable vulnerabilities in data handling or execution flows.

However, the plugin's vulnerability history presents a significant concern. With a total of two known CVEs, both of medium severity, and a last vulnerability reported in May 2022, the plugin has a track record of security issues. The common vulnerability types noted (Cross-site Scripting and issues with `window.opener`) suggest potential risks related to user input processing and how links are handled, even if the current static analysis doesn't flag them. The fact that these past vulnerabilities were eventually patched is a positive sign, but the existence of prior medium-severity flaws warrants caution.

In conclusion, while the current version of the plugin appears robust based on static analysis, its past security incidents indicate a need for ongoing vigilance. Users should ensure they are running the latest available version and remain aware of any new advisories. The plugin's strengths lie in its well-contained code and adherence to secure coding practices in its current iteration, but its historical medium-severity vulnerabilities present a notable weakness.