WP Image Sizes Security & Risk Analysis

The "wp-image-sizes" v1.1.4 plugin presents a concerning security posture due to a significant number of unprotected entry points. All three identified AJAX handlers lack authentication checks, creating a broad attack surface that could be exploited by unauthenticated users. While the code analysis shows no dangerous functions, 100% of SQL queries use prepared statements, and file operations are absent, these strengths are overshadowed by the critical weakness of unprotected AJAX endpoints.

The taint analysis revealed three flows with unsanitized paths, which, although not classified as critical or high severity in this analysis, are still a cause for concern. The lack of nonce checks on these AJAX handlers exacerbates the risk, as it means any user could potentially trigger these functions without proper verification. The output escaping also shows a weakness, with only 33% of outputs being properly escaped, potentially leading to cross-site scripting (XSS) vulnerabilities if the unsanitized data flows result in executable code.

Historically, this plugin has no recorded vulnerabilities, which is a positive sign and suggests good development practices in the past. However, the current static analysis results highlight a significant departure from secure coding standards. The absence of any historical issues should not lead to complacency, especially given the present findings. The plugin has strengths in its SQL handling and lack of file operations, but the unprotected AJAX endpoints, unsanitized paths, and poor output escaping are critical issues that require immediate attention.