This plugin is likely to contain an SQL injection exploitable by privileged users. It uses sprintf throughout to assemble queries, which offers no security when adding user-controllable parameters to strings.
Some other less serious issues are present:
- This plugin’s testing framework has been left in the production code
- User input is not sanitised
- Nonces are used sporadically, and not always checked
Reason for the 'Use with caution' result
The plugin contains or is likely to contain a vulnerability which could be exploited by a privileged user to affect the site’s confidentiality, integrity or availability in a manner exceeding their privileges: