UsersWP – ReCaptcha Security & Risk Analysis

The userswp-recaptcha plugin v1.3.22 exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices in its database interactions, with all SQL queries utilizing prepared statements, and there are no recorded historical vulnerabilities (CVEs). The static analysis also shows no dangerous functions or file operations, and a limited external HTTP request. However, concerns arise from the output escaping, where only 54% of outputs are properly escaped, leaving a significant portion potentially vulnerable to cross-site scripting (XSS) attacks.

Further analysis reveals a critical weakness in the taint analysis. Despite a low total number of flows analyzed, both identified flows have unsanitized paths, indicating a potential for data injection or manipulation. The absence of nonce checks and capability checks on any entry points (AJAX, REST API, shortcodes, cron events) is a significant concern, as it implies that any user, regardless of their role or permissions, could potentially interact with these points and trigger unintended actions or expose sensitive information.

While the plugin has a clean vulnerability history, this should not be taken as a guarantee of future security, especially given the identified issues in output escaping and taint analysis. The lack of authentication checks on entry points is a fundamental security flaw that needs immediate attention. Overall, the plugin has some strong security foundations but suffers from critical omissions in input sanitization and output escaping, and a lack of proper access control for its entry points.