- Generates PHP warnings
- SQL not escaped at the point of use in one case (document-repository.php line 617), but the values are easily identified as coming from an ID field in the database so seem unlikely to be a problem
This recommendation applies to version 0.2.5 of this plugin, but the most recent version is 0.2.4.1. These findings may no longer be correct.
Read more about our failure criteria.