This plugin contains a full path disclosure vulnerability: in certain configurations accessing a certain url will reveal the location of the WordPress installation on the server.
Includes the source code of a metaboxes library – including test and configuration files – this does not seem to be unsafe or used unsafely: https://github.com/WebDevStudios/Custom-Metaboxes-and-Fields-for-WordPress
Reason for the 'Use with caution' result
The plugin has been given this recommendation at the tester's discretion:
This plugin contains a full path disclosure vulnerability if display_errors is switched on.