Resize Control – Compress and resize images after upload Security & Risk Analysis

The "resize-control" plugin v1.0.91 exhibits a generally good security posture based on the provided static analysis and vulnerability history. The plugin demonstrates strong adherence to secure coding practices, with all SQL queries utilizing prepared statements and an overwhelming majority of outputs being properly escaped. The absence of dangerous functions, file operations, and external HTTP requests further contributes to its security. Furthermore, the lack of any known historical vulnerabilities, critical or otherwise, is a significant positive indicator. The attack surface, while present with two REST API routes, is secured by permission callbacks, and there are no unprotected entry points. The sole capability check indicates a conscious effort to restrict access to certain functionalities.

However, a notable concern is the complete absence of nonce checks across all entry points, including the REST API routes which lack explicit permission callbacks according to the 'Unprotected: 0' status. While the static analysis reports no unprotected entry points, the lack of documented nonce checks on these REST API routes presents a potential weakness. This could leave the plugin susceptible to Cross-Site Request Forgery (CSRF) attacks if the underlying operations performed by these routes are sensitive or can be exploited. The taint analysis showing zero flows with unsanitized paths is reassuring, but it doesn't mitigate the risk of CSRF if nonces are not implemented.