Plugin inspection:

Network Latest Posts

No issues found

Last revised:

Confidence: Medium
This plugin has been given a short, targeted code review.

We didn't find anything worrying in this plugin. It's probably safe.

Warnings

This recommendation applies to version 3.5.5 of this plugin, but the most recent version is 3.7.1. These findings may no longer be correct.

Findings

  • SQL escaping is somewhat idiosyncratic, i.e. “(int)htmlspecialchars()”
  • Uses htmlspecialchars() combined with a cast to int (instead of just casting to int, or using absint()), and uses abs( (int) … ) instead of the WordPress function absint()

Failure criteria

  • Execution of unprepared SQL statements
  • Failure to use available core functionality
