Findings
- Values are put into SQL without escaping
- Does not appear to sanitise data from
$_REQUESTbefore putting it into URLs (but the URLs appear to be escaped correctly using esc_url()) - No other issues found
Plugin inspection:
CMS Page Order
No issues found
Last revised:
Confidence: Medium
This plugin has been given a short, targeted code review.
We didn't find anything worrying in this plugin. It's probably safe. Read more about this recommendation.
Failure criteria
- Execution of unprepared SQL statements
Read more about our failure criteria.