- Generates errors.
- Most SQL statements appear to be adequately escaped but not using wordpress core functions.
- Constructs absolute URIs itself, but neglects HTTPS and the port number.
- Seems to require separate header, footer files, which would not be compatible with some theme frameworks such as Roots.
- Administrators can perform local file inclusion attacks.
Reason for the 'Use with caution' result
The plugin contains or is likely to contain a vulnerability which could be exploited by a privileged user to affect the site’s confidentiality, integrity or availability in a manner exceeding their privileges:
Administrators can perform local file inclusion attacks, for instance to execute arbitrary code they have uploaded via the media uploader or to learn the contents of /etc/passwd.