Revi.io – Customer & Products Reviews Security & Risk Analysis

The 'revi-io-customer-and-product-reviews' plugin version 6.6.1 presents a mixed security posture. While it shows strengths in its use of prepared statements for SQL queries (91%) and a relatively low number of direct entry points (8 total, 1 unprotected), several concerning signals warrant attention. The presence of an `unserialize` function is a critical risk due to its potential for remote code execution if user-controlled data is not rigorously sanitized before unserialization. Furthermore, a significant portion of the analyzed taint flows (6 out of 7) have unsanitized paths, indicating a potential for various injection vulnerabilities, even though no critical or high severity taint flows were flagged in this specific analysis. The plugin also exhibits a lack of capability checks on its entry points, with 1 out of 2 AJAX handlers and 1 out of 1 REST API routes lacking permission callbacks, opening them up to unauthorized access.

The plugin's vulnerability history indicates a past medium-severity Cross-Site Scripting (XSS) vulnerability. While there are currently no unpatched vulnerabilities, the existence of a previous XSS issue, combined with the taint analysis showing unsanitized paths and the static analysis revealing potentially unescaped output (34% not properly escaped), suggests a recurring theme of input sanitization weaknesses. The plugin's relatively small attack surface and good SQL practice are positive, but the potential for RCE via unserialize, the high number of unsanitized taint flows, and the lack of authorization checks on critical entry points significantly elevate the risk profile.