- At over 34,000 lines of PHP this is a very large plugin, which makes it difficult to thoroughly assess
- SQL is not consistently escaped (i.e. non_pope/class.photocrati_cache.php line 156, products/photocrati_nextgen/modules/datamapper/module.datamapper.php line 167, products/photocrati_nextgen/modules/nextgen_gallery_display/class.displayed_gallery.php line 787)
- The ngg_init_check option is inserted into create_function() meaning a user able to modify the wp-options table could potentially perform arbitrary code execution. This option is deprecated and cannot be set through the admin interface, but could potentially be set by exploiting an SQL injection. Due to the size of the codebase it has not been possible to verify whether a compatible SQL injection exists in the code of this plugin.
- Uses eval() on something other than a string literal (pope/lib/class.extensibleobject.php line 879)
Reason for the 'Potentially unsafe' result
The plugin contains or is likely to contain a vulnerability which could be exploited by an end user and which would compromise the site’s confidentiality, integrity or availability:
- May contain SQL injection vulnerabilities
- In conjunction with an SQL injection it might contain an arbitrary code execution vulnerability. Such an exploit would most likely be accessible only to admin users.