Plugin inspection:

Share Buttons by AddThis

No issues found

Last revised:

Confidence: Medium
This plugin has been given a short, targeted code review.

We didn't find anything worrying in this plugin. It's probably safe.

Findings

  • Uses mysql_real_escape_string(), although it doesn’t appear to be used with SQL. (Note that this function has been removed from PHP.) However, the file that calls it doesn’t appear to be required or included.
  • Generates HTML-embedded JavaScript in addthis_addjs_new.php.
  • Uses extract() and parse_str() on variables of unknown or user-controlled origin.