Findings
- Contains stored XSS vulnerability in settings page
- Contains unescaped SQL queries
- Contains calls to mysql_* functions where $wpdb could have been used (the mysql_* functions are now deprecated by PHP)
- Contains CSRF vulnerability in settings page
Reason for the 'Potentially unsafe' result
The plugin contains or is likely to contain a vulnerability which could be exploited by an end user and which would compromise the site’s confidentiality, integrity or availability: