WP Export Users Security & Risk Analysis

The "wp-export-users" v1.4 plugin exhibits a generally concerning security posture, despite the absence of publicly known vulnerabilities and a seemingly small attack surface. The static analysis reveals significant weaknesses in its code. Notably, 100% of its SQL queries are not using prepared statements, which is a critical risk for SQL injection vulnerabilities. Furthermore, none of the output operations are properly escaped, posing a high risk of cross-site scripting (XSS) attacks. The taint analysis also found two flows with unsanitized paths, which, although not classified as critical or high severity in this instance, indicate potential vulnerabilities if they were to involve sensitive data or be exploited in conjunction with other weaknesses.

The lack of nonce checks and capability checks on any entry points, combined with the unescaped output, creates a very insecure environment for user interaction and data handling within the plugin. While the plugin has no recorded CVEs, this could be due to a lack of thorough security auditing or a small user base. The absence of any security best practices like prepared statements and output escaping is a significant red flag. Overall, while the plugin doesn't present an immediate, known critical threat based on its history, the internal code analysis reveals fundamental security flaws that expose it to significant risks of SQL injection and XSS vulnerabilities.