Animator – Scroll Triggered Animations Security & Risk Analysis

The 'scroll-triggered-animations' plugin v3.1.1 presents a mixed security picture. On the positive side, static analysis reveals a very small attack surface with only one AJAX handler, and importantly, this entry point appears to be protected by capability checks. The code also demonstrates good practices regarding SQL queries, exclusively using prepared statements, and has a high rate of output escaping. Furthermore, the absence of file operations and external HTTP requests reduces the potential for certain types of attacks. However, the plugin's history is a significant concern. With a total of three known medium-severity vulnerabilities, including Cross-Site Request Forgery (CSRF), Cross-Site Scripting (XSS), and Missing Authorization, it indicates a recurring pattern of security weaknesses. While there are currently no unpatched vulnerabilities, the past occurrences suggest potential for similar issues to emerge in future versions. The last known vulnerability being in July 2025, while seemingly in the future, is likely a data entry anomaly and should be treated as a recent past vulnerability given the context of a version analysis.