The plugin includes a substantial library of generic classes, much of which goes unused by this specific plugin.

The plugin logs user’s IP addresses in certain configs, which could be a data protection issue in some contexts.

Some SQL SELECT queries which do not involve user-controlled data are run unprepared.

The plugin has been given this recommendation at the tester's discretion:

At over 10,000 lines of PHP this is a very large plugin, which makes it difficult to thoroughly assess.