Plugin inspection:

File Gallery

Use with caution

Last revised:

Confidence: Medium
This plugin has been given a short, targeted code review.

Before using this plugin, you should carefully consider these findings. Read more about this recommendation.

Warnings

This recommendation applies to version 1.7.7 of this plugin, but the most recent version is 1.8.5.4. These findings may no longer be correct.

Findings

  • Triggers errors
  • Allows administrators to execute arbitrary PHP code
  • Some SQL is not escaped, and it looks vulnerable
  • Contains unescaped POST variables, but I couldn’t immediately find any vulnerable ones due to good nonce usage

Reason for the 'Use with caution' result

The plugin contains or is likely to contain a vulnerability which could be exploited by a privileged user to affect the site’s confidentiality, integrity or availability in a manner exceeding their privileges:

Failure criteria

  • Execution of unprepared SQL statements
  • Unsafe generation of PHP code
  • Lack of proper output escaping

Read more about our failure criteria.