This plugin is likely to contain vulnerabilities which are exploitable by privileged users. It appears to be possible to upload PHP files, which could be executed if not prohibited by the server’s configuration. The file upload handling code also appears to be vulnerable to SQL injection.
This plugin does not use nonces to protect admin forms.
Reason for the 'Use with caution' result
The plugin contains or is likely to contain a vulnerability which could be exploited by a privileged user to affect the site’s confidentiality, integrity or availability in a manner exceeding their privileges: