Tutor LMS Elementor Addons Security & Risk Analysis

The plugin "tutor-lms-elementor-addons" v3.0.2 presents a mixed security posture. On the positive side, the static analysis shows a limited attack surface with only one AJAX handler and no exposed REST API routes, shortcodes, or cron events. The code also demonstrates some good practices with 80% of SQL queries using prepared statements and a high percentage of output escaping (70%). Furthermore, there are no critical or high severity taint flows, and no external HTTP requests are made, reducing the risk of certain types of attacks.

However, significant concerns are raised by the plugin's vulnerability history. With a total of 5 known CVEs, all of which are medium severity and primarily related to Cross-site Scripting and Missing Authorization, this indicates a pattern of past security weaknesses. The fact that all these historical vulnerabilities are now patched is a positive sign, but the prevalence of these specific types of vulnerabilities suggests potential recurring issues in how user input is handled and authorization is enforced. The complete absence of nonce checks and only a single capability check across all entry points are also considerable weaknesses that could be exploited if an attacker can trigger the AJAX handler.

In conclusion, while the current version shows improvements in reducing attack vectors and sanitizing some outputs, the history of XSS and authorization vulnerabilities, coupled with the lack of robust nonce and capability checks on its single entry point, leaves room for potential exploitation. The plugin has a decent foundation but requires vigilance, especially regarding input validation and authorization logic to prevent a recurrence of past vulnerabilities.