Photo Sphere Viewer – 360° Panorama, Virtual Tour & 360 Video for WordPress Security & Risk Analysis

The photo-sphere-viewer v2.1.0 plugin exhibits a generally strong security posture based on the provided static analysis. It demonstrates good practices by having no critical or high severity taint flows, all AJAX handlers and REST API routes are properly protected with authentication checks, and output escaping is highly effective. The absence of dangerous functions and external HTTP requests further enhances its security. The plugin also benefits from a clean vulnerability history, with no recorded CVEs, suggesting a well-maintained and secure codebase.

However, there are minor areas for attention. The presence of SQL queries that are not consistently using prepared statements, with 50% being raw, presents a potential risk for SQL injection vulnerabilities, albeit mitigated by the small number of queries. While the attack surface is relatively small and all entry points are protected, the presence of file operations and bundled libraries warrants a closer look. The bundled Freemius v1.0 library, if outdated, could introduce its own set of vulnerabilities. Overall, the plugin is secure, but maintaining vigilance on its dependencies and ensuring consistent use of prepared statements for all database interactions would further strengthen its security.