
Usersnap Security & Risk Analysis
wordpress.org/plugins/usersnap

Usersnap: The feedback platform designed to capture, organize, and respond to user feedback seamlessly.
Is Usersnap Safe to Use in 2026?
Generally Safe
Score 92/100

Usersnap has a strong security track record. Known vulnerabilities have been patched promptly.
The "usersnap" plugin v4.20 presents a mixed security posture. While the static analysis indicates generally good practice, with zero identified dangerous functions, SQL injection vulnerabilities, or file operations, and all SQL queries using prepared statements, there are notable weaknesses. The low percentage of properly escaped output (10%) is a significant concern, suggesting a high potential for cross-site scripting (XSS) vulnerabilities. The absence of nonce checks on AJAX handlers and capability checks on REST API routes, coupled with zero identified entry points and unprotected handlers, might indicate a limited attack surface or that these checks are handled elsewhere, but it also means that any entry points introduced in future could be unprotected.
The vulnerability history reveals one past medium-severity vulnerability, specifically Cross-site Scripting, which was patched in early 2023. While there are no currently unpatched CVEs, the historical presence of XSS suggests that the development team may have had challenges in properly sanitizing output in the past. This, combined with the current static analysis findings of poor output escaping, points to a recurring area of risk that requires careful monitoring and more robust sanitization practices.
In conclusion, the plugin demonstrates strengths in its avoidance of common injection vulnerabilities and secure SQL handling. However, the significant concern regarding insufficient output escaping, supported by past XSS vulnerabilities, presents a tangible risk. The limited attack surface revealed in the static analysis is a positive sign, but the potential for XSS due to poor output handling remains the most critical weakness.
Key Concerns
- Low percentage of properly escaped output
- Past medium CVE (XSS)
- No nonce checks on AJAX handlers
- No permission callbacks on REST API routes
Usersnap Security Vulnerabilities
CVEs by Year
Severity Breakdown
1 total CVE
Usersnap <= 4.16 - Authenticated (Admin+) Stored Cross Site Scripting
Usersnap Code Analysis
Output Escaping
Usersnap Attack Surface
WordPress Hooks: 6
Usersnap Maintenance & Trust
Maintenance Signals
Community Trust
Usersnap Alternatives
No alternatives data available yet.
Usersnap Developer Profile
1 plugin · 500 total installs
How We Detect Usersnap
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/usersnap/style.css
- usersnap/style.css?ver=
- usersnap.php?ver=
HTML / DOM Fingerprints
- us-box
- data-cfasync
- window['_usersnapconfig']