WP Publication Archive Security & Risk Analysis

The wp-publication-archive plugin version 3.0.1 exhibits a mixed security posture. On the positive side, the static analysis indicates a relatively small attack surface with no identified AJAX handlers or REST API routes exposed without authentication. Furthermore, all SQL queries utilize prepared statements, and there are no file operations or external HTTP requests, which are all good security practices. However, significant concerns arise from the output escaping, where only 25% of outputs are properly escaped, suggesting a potential for Cross-Site Scripting (XSS) vulnerabilities. The complete absence of nonce checks and capability checks, coupled with no taint analysis results, further compounds these concerns by indicating a lack of robust input validation and authorization mechanisms at key entry points.

The vulnerability history for this plugin is particularly alarming. With one unpatched medium severity CVE attributed to Cross-Site Scripting (XSS), and the last vulnerability occurring in the near future (2025-09-05), it indicates a recurring pattern of XSS issues and a lack of timely patching. This suggests that while the developers might be aware of some security issues, they are not consistently addressing them effectively or promptly. The current version also shows signs of unaddressed XSS potential in the static analysis due to poor output escaping. The lack of taint analysis data is also concerning as it might mean that comprehensive taint analysis was not performed, or that if it was, it failed to identify any issues, which contrasts with the identified XSS vulnerability history and poor output escaping.

In conclusion, while the plugin demonstrates some strengths in secure SQL handling and a limited attack surface, the high percentage of unescaped output and the presence of an unpatched XSS vulnerability, along with the complete lack of nonce and capability checks, present a significant risk. The recurring nature of XSS vulnerabilities indicates a need for more rigorous security development practices, particularly around input sanitization and output escaping, and a commitment to prompt patching.