Plugin inspection:

Advanced Page Manager

Use with caution

Last revised:

Confidence: Medium
This plugin has been given a short, targeted code review.

Before using this plugin, you should carefully consider these findings. Read more about this recommendation.

Warnings

This recommendation applies to version 1.3 of this plugin, but the most recent version is 1.4.2. These findings may no longer be correct.

Findings

This plugin contains a large number of unprepared SQL statements. The statements we reviewed appeared safe, however, this is a large and complex codebase and it was not possible to verify that every one of these queries is safe.

There are also instances of input data being passed directly into JSON outputs, however, we suspect this could only be used by an administrator to inject javascript or data into their own session.

This is otherwise a well-written plugin, and this finding is marginal.

Reason for the 'Use with caution' result

The plugin contains or is likely to contain a vulnerability which could be exploited by a privileged user to affect the site’s confidentiality, integrity or availability in a manner exceeding their privileges:

Unprepared SQL statements.

Failure criteria

  • Lack of input sanitisation
  • Execution of unprepared SQL statements

Read more about our failure criteria.