Shopper Rewards for WP-eCommerce Security & Risk Analysis

The "shopper-rewards-free-for-wp-ecommerce" plugin version 2013.07.15.1 exhibits a concerning security posture despite some positive code practices. While it shows a high percentage of prepared SQL statements and proper output escaping, critical weaknesses exist. Notably, all identified entry points, including AJAX handlers, lack authentication checks. The taint analysis reveals a significant number of flows with unsanitized paths, including three classified as high severity. This combination of an exposed attack surface and potential for unsanitized data processing points to a high risk of exploitation.

The plugin's vulnerability history is clean, with no recorded CVEs. This could indicate either a lack of past vulnerabilities or a lack of discovery and reporting. However, the current code analysis presents immediate and actionable risks that should not be overlooked based solely on past history. The absence of nonce checks and capability checks on the identified AJAX endpoints further exacerbates the risk, making it easier for unauthenticated users to trigger potentially harmful actions.

In conclusion, while the plugin demonstrates good practices in SQL query preparation and output escaping, these strengths are overshadowed by severe deficiencies in authentication and data sanitization for its entry points. The high number of unsanitized taint flows and unprotected AJAX handlers presents a substantial security risk that requires immediate attention.