Print, PDF, Email by PrintFriendly Security & Risk Analysis

The printfriendly plugin, version 5.5.8, exhibits a mixed security posture. While it demonstrates good practices such as using prepared statements for all SQL queries and a single nonce check, the significant concern lies in its output escaping. With only 38% of outputs properly escaped out of 120 total, there's a high likelihood of Cross-Site Scripting (XSS) vulnerabilities being present. The taint analysis showing zero flows is somewhat reassuring, but this is often a superficial indicator when fundamental output sanitization is lacking. The vulnerability history, with two known medium severity CVEs, both of the XSS type and with the last one occurring in late 2023, further reinforces the concern about insufficient output sanitization. Although there are no currently unpatched vulnerabilities, the recurring pattern of XSS suggests an ongoing weakness in handling user-supplied input securely. The plugin has a small attack surface, which is a positive, but this is overshadowed by the critical lack of robust output escaping. The presence of a bundled library, Select2, also warrants attention, as outdated bundled libraries can introduce further security risks if not managed diligently.