GERRG Frequently Bought Together for Woocommerce Security & Risk Analysis

The "wc-frequently-purchased-together" plugin, version 1.41, exhibits several concerning security practices, primarily revolving around its unprotected AJAX handlers. While the plugin demonstrates good practices in its SQL query handling and avoids file operations or external HTTP requests, the presence of three AJAX handlers without authentication checks presents a significant attack surface. This means that any user, including unauthenticated ones, could potentially trigger these actions, leading to unintended consequences or exploitation if the underlying functionality is vulnerable.

The static analysis also highlights issues with output escaping, with only 35% of outputs being properly escaped. This could open the door to cross-site scripting (XSS) vulnerabilities if user-supplied data is not adequately sanitized before being displayed. The absence of nonce checks on AJAX handlers further exacerbates this risk, as it prevents a common mechanism for verifying the legitimacy of requests. The plugin's clean vulnerability history is a positive sign, suggesting that past development may have been more secure or that vulnerabilities have been promptly addressed. However, this does not mitigate the immediate risks identified in the current version's code.

In conclusion, while the plugin avoids common pitfalls like raw SQL queries and dangerous functions, the unprotected AJAX endpoints and insufficient output escaping are critical security weaknesses. The lack of a history of vulnerabilities should not lead to complacency, as the current code presents exploitable entry points that require immediate attention. The plugin has a good foundation in some areas but needs substantial improvement in input validation and access control for its AJAX functionalities.