paymendo – Bank Transfer (Lite) Security & Risk Analysis

The paymendo-bank-transfer plugin version 1.1 presents a concerning security posture primarily due to its large, unprotected attack surface. All eight identified AJAX handlers lack authentication checks, making them prime targets for unauthorized access and potential exploitation. While the code signals show no directly dangerous functions, file operations, or external HTTP requests, the high percentage of unsanitized paths in the taint analysis (5 out of 5 flows) is a significant red flag. This indicates a strong likelihood of vulnerabilities such as Cross-Site Scripting (XSS) or other injection attacks, particularly given the critical severity associated with these unsanitized flows.

The plugin's vulnerability history is currently clean, with no known CVEs recorded. This might suggest that the plugin has not been a target of significant historical exploitation or that past vulnerabilities have been adequately addressed. However, the lack of historical data should not be mistaken for inherent security. The current static analysis reveals weaknesses that could easily lead to new vulnerabilities, especially the absence of any nonce or capability checks on its numerous AJAX endpoints.

In conclusion, while the absence of dangerous functions and external requests is positive, the critical flaws identified in the taint analysis and the unprotected AJAX endpoints create a substantial risk. The plugin needs immediate attention to implement proper authentication, authorization, and input sanitization for its AJAX handlers to mitigate the high risk of exploitation.