• Triggers errors
• Allows administrators to execute arbitrary PHP code
• Some SQL is not escaped, and it looks vulnerable
• Contains unescaped POST variables, but I couldn’t immediately find any vulnerable ones due to good nonce usage

The plugin contains or is likely to contain a vulnerability which could be exploited by a privileged user to affect the site’s confidentiality, integrity or availability in a manner exceeding their privileges: