Remarkety – eCommerce Marketing Automation Platform for WooCommerce Security & Risk Analysis

The "remarkety-for-woocommerce" plugin v1.7.0 presents a mixed security posture. While it boasts no known historical vulnerabilities and generally utilizes prepared statements for its SQL queries, several significant concerns arise from the static analysis. The presence of an unprotected AJAX handler represents a critical entry point that could be exploited without authentication. Furthermore, the analysis reveals a high number of flows with unsanitized paths, with three identified as high severity, indicating potential for data manipulation or code execution. The use of the `unserialize` function, especially without sufficient input validation, is a known risk for object injection vulnerabilities. The lack of nonce checks on the identified AJAX handler is another serious oversight, making it susceptible to Cross-Site Request Forgery (CSRF) attacks. The low percentage of properly escaped output also suggests a risk of Cross-Site Scripting (XSS) vulnerabilities. Despite the positive aspect of no historical CVEs, these code-level findings highlight significant weaknesses that require immediate attention to improve the plugin's overall security.