Shortcodes Finder Security & Risk Analysis

The 'shortcodes-finder' plugin v1.6.1 presents a concerning security posture primarily due to its unprotected attack surface. With 4 AJAX handlers identified and all of them lacking authentication checks, there's a significant risk of unauthorized actions being performed by unauthenticated users. This, combined with the absence of any capability checks, makes these entry points highly vulnerable.

The static analysis also highlights concerns regarding data sanitization. While the majority of output escaping appears to be handled correctly, one unsanitized path flow identified through taint analysis warrants attention, potentially leading to cross-site scripting vulnerabilities if not properly addressed. Furthermore, the presence of SQL queries that are not using prepared statements is a critical risk that could lead to SQL injection vulnerabilities.

Historically, the plugin has had two medium-severity vulnerabilities, both related to Cross-site Scripting. The fact that these are now patched is a positive sign, but the recurring nature of XSS vulnerabilities suggests potential ongoing challenges with input sanitization within the plugin's codebase. While the plugin has strengths in avoiding dangerous functions and external requests, the significant number of unprotected AJAX endpoints and the raw SQL queries pose the most immediate and severe risks.