WP Table Builder – Drag & Drop Table Builder Security & Risk Analysis

The plugin "wp-table-builder" v2.1.10 exhibits a mixed security posture. On the positive side, the static analysis shows a strong adherence to secure coding practices regarding SQL queries, with all queries using prepared statements. The output escaping is also very good, with 94% of outputs properly escaped. Furthermore, the attack surface from AJAX handlers and REST API routes is zero, and there are no detected critical or high-severity taint flows. The absence of unpatched CVEs in its history is also a significant strength.

However, several areas raise concerns. The presence of 10 known medium-severity vulnerabilities in its history, including Incorrect Authorization, Cross-site Scripting, and CSRF, indicates a pattern of past security weaknesses that, while currently patched, suggest a higher potential for future disclosures. The complete absence of nonce checks across the entire plugin is a major oversight, especially considering the presence of a shortcode which can be a potential entry point for attacks. While there are capability checks, the lack of nonce validation leaves room for potential cross-site request forgery scenarios. The bundling of Freemius v1.0, if outdated, could also introduce risks.

In conclusion, while "wp-table-builder" has made strides in secure coding for SQL and output handling, the historical prevalence of medium-severity vulnerabilities and the critical omission of nonce checks present notable risks. The plugin's security relies heavily on timely patching of past vulnerabilities, and the lack of nonce protection warrants immediate attention.