• Does not prepare its SQL statements

The plugin contains or is likely to contain a vulnerability which could be exploited by a privileged user to affect the site’s confidentiality, integrity or availability in a manner exceeding their privileges:

Probably contains SQL injections vulnerable to attack by admin users (or by anybody XSSing an admin user).