Plugin inspection:

File Gallery

Use with caution

Last revised:

Confidence: Medium
This plugin has been given a short, targeted code review.

Before using this plugin, you should carefully consider these findings. Read more about this recommendation.


  • Triggers errors
  • Allows administrators to execute arbitrary PHP code
  • Some SQL is not escaped, and it looks vulnerable
  • Contains unescaped POST variables, but I couldn’t immediately find any vulnerable ones due to good nonce usage

Reason for the 'Use with caution' result

The plugin contains or is likely to contain a vulnerability which could be exploited by a privileged user to affect the site’s confidentiality, integrity or availability in a manner exceeding their privileges:

Failure criteria

  • Execution of unprepared SQL statements
  • Unsafe generation of PHP code
  • Lack of proper output escaping

Read more about our failure criteria.