PayHere Payment Gateway Security & Risk Analysis

The PayHere Payment Gateway plugin, version 2.4.4, exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices in its handling of SQL queries, exclusively using prepared statements, and a high percentage of properly escaped output, which mitigates common injection and cross-site scripting vulnerabilities. The absence of dangerous functions and file operations is also a strength. However, significant concerns arise from the static analysis, particularly the presence of three AJAX handlers that lack any authentication checks. This creates a substantial attack surface that could be exploited by unauthenticated users to trigger potentially sensitive actions within the plugin. The complete absence of nonce and capability checks further exacerbates this risk, making these AJAX endpoints vulnerable to unauthorized access. While the plugin has a history of medium-severity vulnerabilities, specifically related to missing authorization and exposure of sensitive information, the fact that these are currently unpatched (indicated by the vulnerability history mentioning future dates for resolution, which is unusual and might represent simulated data) is a critical concern that requires immediate attention. Despite the good practices in SQL and output handling, the unprotected entry points and historical vulnerability patterns suggest a need for significant security improvements to ensure the plugin's robust protection.