Stop User Enumeration Security & Risk Analysis

The "stop-user-enumeration" plugin v1.7.7 exhibits a mixed security posture. While static analysis reveals a commendably small attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events that lack authentication or proper permission checks, and all SQL queries utilize prepared statements, there are significant historical concerns.

The plugin has a history of 6 known Common Vulnerabilities and Exposures (CVEs), with 2 high and 4 medium severity vulnerabilities. The types of past vulnerabilities, including Protection Mechanism Failure, Missing Authorization, Exposure of Sensitive Information, Cross-Site Scripting, and Improper Access Control, suggest recurring issues in how the plugin handles user access and input validation. The most recent vulnerability was identified on 2025-06-26, indicating ongoing security challenges. The absence of taint analysis data and the zero count for dangerous functions, file operations, and external HTTP requests in the static analysis are positive signs, but they do not fully mitigate the risk presented by the historical vulnerability patterns.

In conclusion, the current version of the plugin appears to have addressed immediate code-level risks in its entry points and database interactions based on static analysis. However, the substantial historical vulnerability record, particularly the high and medium severity issues involving authorization, access control, and information exposure, necessitates a cautious approach. The plugin's security is weakened by its past, and it is crucial for users to ensure they are running the absolute latest version, as the last known vulnerability is surprisingly recent and implies potential for future undiscovered or re-emerging issues.