Read More Login Security & Risk Analysis

The "read-more-login" v2.0.3 plugin exhibits a mixed security posture. While it demonstrates good practices by utilizing prepared statements for all SQL queries and performing nonce checks, there are significant concerns regarding output sanitization and a history of medium-severity vulnerabilities. The static analysis reveals a low percentage (6%) of properly escaped outputs, indicating a potential for Cross-Site Scripting (XSS) vulnerabilities. The presence of a file operation and an external HTTP request without explicit mentions of sanitization or authentication checks in the static analysis results warrants further investigation.

The vulnerability history shows one known medium-severity CVE, identified as Cross-Site Scripting (XSS), which is currently unpatched. This indicates a recurring pattern of input validation and output sanitization weaknesses. The fact that this vulnerability is recent (dated 2025-06-05) and unpatched is a critical concern, suggesting that users of this plugin are actively exposed to this risk.

In conclusion, despite some positive security implementations like prepared statements and nonce checks, the plugin's low output escaping rate and its unpatched XSS vulnerability significantly lower its overall security score. The presence of file operations and external HTTP requests, without clear security controls indicated, adds to the potential risk profile. Users should exercise extreme caution until these issues are addressed.