Findings
- SQL escaping is somewhat idiosyncratic – i.e. “(int)htmlspecialchars()”
- Uses htmlspecialchars() combined with casting to int (instead of just casting to int, or absint()), and uses abs( (int) … ) instead of the WP function absint()
Plugin inspection:
Network Latest Posts
No issues found
Last revised:
Confidence: Medium
This plugin has been given a short, targeted code review.
We didn't find anything worrying in this plugin. It's probably safe. Read more about this recommendation.
Failure criteria
- Execution of unprepared SQL statements
- Failure to use available core functionality
Read more about our failure criteria.