AfterShip Shipping: Free Shipping Labels for WooCommerce, Discounted Shipping Rates Security & Risk Analysis

The static analysis of postmen-woo-shipping v1.3.15 reveals a mixed security posture. On the positive side, there are no identified dangerous functions, all SQL queries are properly prepared, and there are no external HTTP requests or bundled libraries, which are generally good practices. The plugin also implements capability checks, indicating some level of authorization is considered.

However, several areas raise concerns. The taint analysis indicates two flows with unsanitized paths, which is a significant risk as it suggests potential for injection vulnerabilities if these paths are exposed to user input. Furthermore, the output escaping is only 47% proper, meaning a substantial portion of dynamic output is not being sanitized, increasing the risk of Cross-Site Scripting (XSS) vulnerabilities. The complete absence of nonce checks, especially with an attack surface of 0 reported entry points (which is unusual and might be an artifact of the analysis scope), warrants caution. If any entry points exist that are not properly secured, the lack of nonces would be a critical flaw.

The vulnerability history is a strong positive point, with zero known CVEs, suggesting a history of relatively secure development. However, this cannot entirely offset the risks identified in the static analysis, particularly the unsanitized paths and poor output escaping. The conclusion is that while the plugin has a clean vulnerability record and avoids some common pitfalls like raw SQL and bundled libraries, the identified taint flows and significant amount of unescaped output present clear and actionable security risks that require immediate attention.