Plugin inspection:

Share Buttons by AddThis

No issues found

Last revised:

Confidence: Medium
This plugin has been given a short, targeted code review.

We didn't find anything worrying in this plugin. It's probably safe. Read more about this recommendation.

Warnings

This recommendation applies to version 5.3.2 of this plugin, but the most recent version is 6.2.6. These findings may no longer be correct.

Findings

  • Uses mysql_real_escape_string(). Doesn’t appear to be used with SQL. (Note that this function has been removed from PHP). Except that file doesn’t appear to be required or included.
  • Generates HTML-embedded JavaScript in addthis_addjs_new.php.
  • Uses extract and parse_str on variables of unknown or user-controlled origin.