Pollen – WPBakery Page Builder Addons Security & Risk Analysis

The Pollen plugin v1.0.8 exhibits a mixed security posture. On the positive side, it demonstrates good practices by exclusively using prepared statements for all SQL queries and does not appear to have any known historical vulnerabilities. This suggests a developer who is aware of common SQL injection pitfalls and committed to security patching. However, there are notable concerns that warrant attention. The plugin has a relatively high number of entry points (7), with one AJAX handler lacking authentication checks. This directly exposes a potential attack vector. Additionally, a significant portion (48%) of its output escaping is not properly handled, indicating a risk of cross-site scripting (XSS) vulnerabilities if user-controlled data is displayed without adequate sanitization. The presence of unsanitized paths in taint analysis, even without critical severity, should be investigated further as it can lead to path traversal or other file-related vulnerabilities.

While the lack of critical or high-severity findings in the static analysis and vulnerability history is encouraging, the identified weaknesses are not negligible. The unprotected AJAX handler is a direct and exploitable vulnerability. The high percentage of unescaped output suggests a systemic issue with output sanitization that could lead to multiple XSS vulnerabilities. The presence of unsanitized paths in taint analysis, though not flagged as critical, still represents a potential weakness. The plugin's strengths lie in its secure SQL handling and absence of historical CVEs. However, the current implementation has clear vulnerabilities related to authentication and output escaping that must be addressed to improve its overall security.