Findings
- At over 29,000 lines of PHP this is a very large plugin, which makes it difficult to thoroughly assess
- vendor/timthumb/timthumb.php contains a __destruct() method which deletes arbitrary files. However, there appear to be no instances of timthumb.php being included, so this is unlikely to be of use to an attacker
- Inserts values into SQL without escaping them
- Uses variables in create_function()
Reason for the 'Use with caution' result
The plugin contains or is likely to contain a vulnerability which could be exploited by a privileged user to affect the site’s confidentiality, integrity or availability in a manner exceeding their privileges:
Does not escape SQL consistently, and uses create_function().
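As an added illustration of the two findings above (hypothetical code, not taken from the reviewed plugin; the $wpdb usage and the table name are assumed), the unescaped-SQL and create_function() patterns next to their WordPress-idiomatic fixes:

```php
<?php
// Added illustration, not code from the reviewed plugin: the two patterns the
// findings describe (unescaped SQL, create_function() built from variables)
// next to the usual WordPress fixes. $wpdb and the 'items' table are assumed.

// --- Finding: values inserted into SQL without escaping ---
function lookup_unsafe( $slug ) {
    global $wpdb;
    // Interpolating $slug straight into the query is the pattern the finding
    // describes; whatever the caller supplies lands in the SQL unchanged.
    return $wpdb->get_row( "SELECT * FROM {$wpdb->prefix}items WHERE slug = '$slug'" );
}

function lookup_safe( $slug ) {
    global $wpdb;
    // $wpdb->prepare() binds the value through a placeholder, so escaping is
    // applied consistently regardless of where $slug came from.
    return $wpdb->get_row(
        $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}items WHERE slug = %s", $slug )
    );
}

// --- Finding: variables passed into create_function() ---
function make_formatter_unsafe( $suffix ) {
    // The variable is spliced into PHP source that is compiled at runtime;
    // create_function() is also deprecated since PHP 7.2 and removed in 8.0.
    return create_function( '$v', 'return $v . "' . $suffix . '";' );
}

function make_formatter_safe( $suffix ) {
    // A closure captures $suffix as a value; no PHP source is generated.
    return function ( $v ) use ( $suffix ) {
        return $v . $suffix;
    };
}
```

Reviewing for the first pattern means checking every $wpdb call that builds a query string for a matching prepare(); the second is found by grepping for create_function( and checking whether any argument is built from a variable.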