WC Filter By Multiple Tax Security & Risk Analysis

The "wc-filter-by-multiple-tax" v1.1.0 plugin exhibits a concerning security posture primarily due to its unprotected AJAX endpoints. While the plugin shows strengths in its handling of SQL queries, utilizing prepared statements exclusively, and avoiding dangerous functions, file operations, or external HTTP requests, the presence of two AJAX handlers without authentication checks creates a significant attack surface. This lack of authorization means any unauthenticated user could potentially interact with these endpoints, leading to unintended consequences or exploitation of underlying logic within the plugin.

The static analysis reveals that a substantial portion of output (41%) is not properly escaped. While taint analysis shows no detected vulnerabilities in this version, the combination of unescaped output and unprotected AJAX handlers presents a plausible pathway for cross-site scripting (XSS) vulnerabilities if user-supplied data is not handled carefully within these AJAX operations. The absence of any recorded vulnerabilities in its history might indicate a lack of historical targeting or that previous versions were more secure. However, this should not be relied upon as a sole indicator of current security.

In conclusion, the plugin's use of prepared statements and lack of other common risky code patterns are positive signs. Nevertheless, the two unprotected AJAX endpoints are a critical weakness that requires immediate attention. Coupled with the significant percentage of unescaped output, the plugin's current security is compromised. Addressing the unprotected AJAX handlers and improving output escaping are essential steps to mitigate the identified risks.