YITH Custom Login Security & Risk Analysis

The static analysis of yith-custom-login v1.7.7 reveals a generally positive security posture in terms of its attack surface and direct code execution risks. There are no identified AJAX handlers, REST API routes, shortcodes, or cron events, resulting in zero total entry points and zero unprotected ones. Furthermore, the plugin avoids dangerous functions, performs all SQL queries using prepared statements, and has no external HTTP requests. This suggests a careful approach to direct code interaction points.

However, concerns arise from the output escaping and file operation signals. With only 10% of outputs properly escaped among 60 total outputs, there's a significant risk of Cross-Site Scripting (XSS) vulnerabilities, especially given the plugin's past vulnerability history which includes two medium-severity XSS issues. The presence of file operations without further context also warrants caution. The complete absence of nonce and capability checks on entry points (though there are none identified) is a missed opportunity for robustness, and the zero taint analysis flows, while seemingly good, could also indicate that the analysis itself had limitations or that the plugin's structure doesn't lend itself to traditional taint flow detection.

Despite the low number of identified entry points, the vulnerability history, particularly the prevalence of XSS, coupled with the poor output escaping rates, indicates a recurring weakness. The recent medium vulnerability in September 2024, related to XSS, reinforces this. The plugin's strengths lie in its limited attack surface and secure database interactions. The weaknesses are primarily in output sanitization and the potential for unintended file interactions, which, when combined with past XSS issues, present a tangible risk to users.