EZ SHORTCURL Shortcodes to Fetch and Parse External Content Security & Risk Analysis

The shortcurl plugin v3.17.49 presents a mixed security posture. While the static analysis indicates a clean slate regarding SQL injection and taint analysis, with all SQL queries using prepared statements and no critical or high severity taint flows detected, there are several concerning signals. The plugin exhibits a lack of authorization checks, with zero nonce checks and zero capability checks across all identified entry points, including shortcodes, AJAX handlers, and REST API routes. This absence of proper authentication and authorization mechanisms creates a significant risk for unauthorized actions if any of the entry points are exploitable. Furthermore, the presence of the `create_function` dangerous function is a known security risk that can lead to code execution vulnerabilities if not handled with extreme care. The output escaping is also only partially implemented, with over half of the outputs not properly escaped, potentially leading to cross-site scripting (XSS) vulnerabilities.

The plugin's vulnerability history is a significant positive factor, showing no previously recorded CVEs. This suggests a generally well-maintained codebase or limited exposure to advanced security testing. However, the absence of past vulnerabilities should not overshadow the current identified risks. The combination of a large attack surface with zero authorization checks and the presence of dangerous functions outweighs the clean CVE history. The plugin is therefore considered to have a moderate to high risk profile due to the potential for exploitation of its unprotected entry points and the use of insecure coding practices, despite the lack of historical vulnerabilities.