SEO, Nutrition and Print for Recipes by Edamam Security & Risk Analysis

The "seo-nutrition-and-print-for-recipes-by-edamam" plugin, v3.3, exhibits a mixed security posture. While the static analysis reveals a zero attack surface in terms of entry points (AJAX, REST API, shortcodes, cron events), and no critical or high severity taint flows were identified, there are significant concerns regarding data handling and the plugin's vulnerability history. The complete lack of prepared statements for SQL queries and the absence of output escaping for all identified outputs are major red flags. Furthermore, the presence of file operations and external HTTP requests without apparent checks also warrants caution. The plugin's history includes a medium severity CVE, specifically a Cross-Site Request Forgery (CSRF), which was last patched on 2025-04-09. The fact that this vulnerability is still listed as unpatched in the provided data is a critical issue, indicating a direct and current security risk to users running this version. The consistent pattern of vulnerabilities, even if historically only medium severity, suggests a potential for recurring security weaknesses. The plugin has strengths in its limited direct attack surface, but the concerning lack of basic security practices in data handling and the unpatched historical vulnerability make its overall security posture questionable and potentially risky.