Findings
- At over 27,000 lines of PHP, this plugin is very large and may require a more thorough review
- The plugin has the ability to install other plugins. That deserves more investigation but requires a pro account
- Trusts the values of the Client-IP and X-Forwarded-For headers (this may be okay in some environments where those headers are trusted, or are blocked from reaching the PHP server)
- No other issues found
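The header-trust finding above, shown as an added example that is not the plugin's code: a resolver that accepts Client-IP and X-Forwarded-For from any sender, beside one that honours X-Forwarded-For only when the connection comes from a known proxy. The function names, the trusted proxy list and the sample addresses are assumptions constructed for illustration.

```php
<?php
// "Before": the pattern the finding describes. Both headers are taken at
// face value, so whoever sends the request chooses the address that is logged.
function client_ip_naive(array $server): string {
    foreach (['HTTP_CLIENT_IP', 'HTTP_X_FORWARDED_FOR'] as $header) {
        if (!empty($server[$header])) {
            return trim(explode(',', $server[$header])[0]);
        }
    }
    return $server['REMOTE_ADDR'] ?? '';
}

// "After": Client-IP is ignored. X-Forwarded-For is read only when the TCP
// peer is a known proxy, walking the chain right to left and returning the
// first hop that is not itself a trusted proxy.
function client_ip_hardened(array $server, array $trustedProxies): string {
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (!in_array($peer, $trustedProxies, true)) {
        return $peer; // direct connection: the headers are sender-controlled
    }
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'] ?? ''));
    foreach (array_reverse($hops) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            return $peer; // empty or malformed entry: fall back to the peer
        }
        if (!in_array($hop, $trustedProxies, true)) {
            return $hop;
        }
    }
    return $peer; // every hop was a trusted proxy
}

// Constructed requests using documentation address ranges.
$trusted = ['10.0.0.5']; // assumed reverse proxy in front of the PHP server
$direct  = ['REMOTE_ADDR' => '203.0.113.9',
            'HTTP_X_FORWARDED_FOR' => '127.0.0.1'];
$proxied = ['REMOTE_ADDR' => '10.0.0.5',
            'HTTP_X_FORWARDED_FOR' => '127.0.0.1, 198.51.100.7'];

echo 'naive, direct:     ', client_ip_naive($direct), PHP_EOL;
echo 'hardened, direct:  ', client_ip_hardened($direct, $trusted), PHP_EOL;
echo 'hardened, proxied: ', client_ip_hardened($proxied, $trusted), PHP_EOL;
```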
Failure criteria
- Unsafe request processing
- Very large codebase
Read more about our failure criteria.