
Search by Google Security & Risk Analysis
wordpress.org/plugins/search-google
Search by Google widget.
Is Search by Google Safe to Use in 2026?
Use With Caution
Score 63/100
Search by Google has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.
The "search-google" plugin v1.9 exhibits a mixed security posture. While it has no identified entry points in the static analysis (AJAX, REST API, shortcodes, cron), indicating a small attack surface, several code signals raise concerns. The presence of the dangerous `create_function` is a significant red flag, as it can lead to code injection vulnerabilities if user input is not meticulously sanitized before being passed to it. Furthermore, only 29% of output is properly escaped, suggesting a high risk of Cross-Site Scripting (XSS) vulnerabilities where untrusted data could be rendered in the browser without adequate sanitization.
The plugin's vulnerability history shows one known medium severity CVE related to XSS, which is currently unpatched. This unpatched vulnerability, combined with the static analysis findings pointing to potential XSS issues (low output escaping), strongly suggests that the plugin is susceptible to XSS attacks. Nonce checks and capability checks, which are generally considered good security practices, are missing here; their absence is not directly penalized because the plugin has no unprotected entry points. Overall, the absence of immediate critical threats in taint analysis is positive, but the presence of the dangerous function and poor output escaping, alongside an unpatched XSS vulnerability, creates a substantial risk.
In conclusion, while the plugin's limited attack surface is a strength, the code quality issues, particularly the use of `create_function` and inadequate output escaping, coupled with an unpatched XSS vulnerability, significantly lower its security. Users should exercise caution and prioritize updating or replacing this plugin. The identified risks are not theoretical but are supported by both static analysis and historical vulnerability data.
Key Concerns
- Unpatched CVE (medium severity)
- Dangerous function: create_function
- Low output escaping (29%)
- Missing nonce checks
- Missing capability checks
Search by Google Security Vulnerabilities
CVEs by Year
Severity Breakdown
1 total CVE
Search by Google <= 1.9 - Authenticated (Administrator+) Stored Cross-Site Scripting
Search by Google Code Analysis
Dangerous Functions Found
Output Escaping
Search by Google Attack Surface
WordPress Hooks 4
Search by Google Maintenance & Trust
Maintenance Signals
Community Trust
Search by Google Alternatives
Search Console
search-console
View all your Search Console data inside WordPress dashboard.
Ad Widget for WordPress
ad-widget
Easily upload ad images and ad code to your sidebar. For those that don't need or want a complicated ad management system.
Search Engine Insights for Google Search Console
search-engine-insights
Verify site ownership on Google Search Console! Analyze the Google Search Console stats, to see your site's performance on Google Search.
Amikelive Adsense Widget
amikelive-adsense-widget
This plugin enables Google adsense display on the sidebar or widget area only by activating and configuring the widget.
Live Search Popup
live-search-popup
Spotlight (tm) like live search with an ajax popup
Search by Google Developer Profile
14 plugins · 128K total installs
How We Detect Search by Google
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/search-google/css/search-google.css
- /wp-content/plugins/search-google/js/search-google.js
- search-google/css/search-google.css?ver=
- search-google/js/search-google.js?ver=
HTML / DOM Fingerprints
- widget_search_google
- search_google_form
- pseudoq
- pseudositesearch
- google
- <!-- Search by Google plugin v.
- btnG