Plugin inspection:

BU Section Editing

Use with caution

Last revised:

Confidence: Medium
This plugin has been given a short, targeted code review.

Before using this plugin, you should carefully consider these findings. Read more about this recommendation.

Warnings

This recommendation applies to version 0.9.1 of this plugin, but the most recent version is 0.9.9. These findings may no longer be correct.

Findings

This plugin is likely to contain an SQL injection exploitable by privileged users. It uses sprintf throughout to assemble queries, which offers no security when adding user-controllable parameters to strings.
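The difference between a query assembled with sprintf and a prepared one, as an added example (not code from the plugin or from this review). It assumes PDO with an in-memory SQLite database as a stand-in for the WordPress database so that it runs stand-alone; the table name, rows and input values are constructed. In WordPress itself the corresponding core function is `$wpdb->prepare()`.

```php
<?php
// Added illustration: not code from the plugin. Table, rows and inputs are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE demo_groups (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO demo_groups (name) VALUES ('Editors'), ('Authors'), ('Admins')");

// Pattern from the finding: sprintf pastes the value into the SQL text, so any
// quote character in $name is parsed as SQL syntax rather than as data.
function find_unprepared(PDO $db, string $name): array
{
    $sql = sprintf("SELECT id, name FROM demo_groups WHERE name = '%s'", $name);
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Prepared form: the statement text is fixed and the value is bound separately,
// so it can only ever be compared against the name column.
function find_prepared(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT id, name FROM demo_groups WHERE name = ?');
    $stmt->execute([$name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$inputs = [
    'Editors',          // ordinary value
    "Editor's picks",   // legitimate value containing a quote
    "x' OR '1'='1",     // value that changes the WHERE clause when pasted in
];

foreach ($inputs as $name) {
    try {
        $unprepared = count(find_unprepared($db, $name)) . ' row(s)';
    } catch (PDOException $e) {
        $unprepared = 'query failed: ' . $e->getMessage();
    }
    $prepared = count(find_prepared($db, $name)) . ' row(s)';
    printf("%-16s unprepared: %s | prepared: %s\n", $name, $unprepared, $prepared);
}
```

The second input shows that the sprintf pattern is also a correctness bug: an ordinary value containing an apostrophe breaks the statement before any question of abuse arises.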

Some other less serious issues are present:

  • This plugin’s testing framework has been left in the production code
  • User input is not sanitised
  • Nonces are used sporadically, and not always checked

Reason for the 'Use with caution' result

The plugin contains or is likely to contain a vulnerability which could be exploited by a privileged user to affect the site’s confidentiality, integrity or availability in a manner exceeding their privileges:

Failure criteria

  • Lack of input sanitisation
  • Execution of unprepared SQL statements
  • Failure to use available core functionality

Read more about our failure criteria.