WP-PageNavi Security & Risk Analysis

The wp-pagenavi plugin v2.94.5 demonstrates a relatively strong security posture in terms of its attack surface and known vulnerability history. It reports zero AJAX handlers, REST API routes, shortcodes, or cron events that are unprotected, indicating a well-defined and contained entry point. The absence of any recorded CVEs, either historical or current, is a significant positive indicator of its stability and security over time. However, the static analysis reveals some concerning code-level practices that offset these strengths.

The primary concern stems from the database interactions. All four identified SQL queries are executed without prepared statements, which presents a significant risk of SQL injection vulnerabilities if any of the input feeding these queries is not meticulously sanitized. Furthermore, the taint analysis highlights four flows with unsanitized paths, all classified as high severity. This, combined with the raw SQL queries, strongly suggests that these unsanitized inputs are being directly incorporated into SQL statements.

While the plugin includes nonce checks and a reasonable percentage of output escaping, the critical findings in the taint analysis and the complete lack of prepared statements for SQL queries are major weaknesses. The vulnerability history is reassuring, but it doesn't negate the immediate risks identified in the code. In conclusion, the plugin's lack of exposed entry points and historical CVEs are strengths, but the presence of high-severity taint flows and raw SQL queries creates a substantial risk that requires immediate attention.