[This recommendation applies to version 2.4 of this plugin, but there is a more recent version of the plugin available. These findings may no longer be correct. There is a review for version 4.8]
Preforms unsafe file operations allowing unauthenticated users to read any file on the system and delete that file.
Also uses unprepared sql statements in such a way that it is likely to be exploitable.
Reason for the 'Potentially unsafe' result
The plugin contains or is likely to contain a vulnerability which could be exploited by an end user and which would compromise the site’s confidentiality, integrity or availability: