WP Terms Popup – Terms and Conditions and Privacy Policy WordPress Popups Security & Risk Analysis

The wp-terms-popup plugin v2.11.0 exhibits a mixed security posture. While it demonstrates strong adherence to secure coding practices, such as utilizing prepared statements for all SQL queries and having a high percentage of properly escaped outputs, several concerning aspects require attention. The plugin exposes a significant attack surface with 5 entry points, 4 of which lack authentication checks. This could be a prime target for unauthorized access or manipulation if not properly secured by the WordPress environment itself. The taint analysis identified one flow with unsanitized paths, though it was not classified as critical or high severity, it still warrants careful review. The plugin's vulnerability history reveals one known medium-severity CVE related to Cross-Site Scripting, which was patched. However, the presence of past vulnerabilities, even if resolved, indicates a potential for similar issues to arise if development practices are not consistently robust. Overall, the plugin has strengths in its SQL handling and output escaping, but the large number of unprotected entry points and the past XSS vulnerability are notable weaknesses that contribute to a moderate risk profile.