Units Security & Risk Analysis

The "units" plugin v1.0.2 exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices by exclusively using prepared statements for all SQL queries and shows no known past vulnerabilities or CVEs. This suggests a generally responsible development approach regarding data persistence. However, significant concerns arise from the plugin's attack surface. A substantial number of AJAX handlers (6 out of 6) are exposed without any authentication checks, creating a wide entry point for potential malicious activity. Furthermore, the output escaping is notably weak, with only 41% of outputs being properly sanitized. This could lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is not handled carefully before being rendered in the browser. The lack of capability checks on AJAX handlers is a critical oversight, allowing any authenticated user, regardless of their role, to potentially trigger plugin functionality.

While the absence of known CVEs and critical taint flows is reassuring, the high proportion of unprotected AJAX endpoints and insufficient output escaping represent immediate and serious risks. The plugin's attack surface is disproportionately exposed without necessary authorization. Future development should prioritize implementing robust nonce and capability checks on all AJAX handlers and improving output sanitization to mitigate XSS risks. The current state indicates a plugin that, while not demonstrably exploited, has critical security weaknesses that require urgent attention.