Contains over 8,000 lines of PHP, most of which is found in a directory named plainview_sdk.
plainview_sdk contains a function base::mime_type() which passes its argument to exec() without sanitisation. plainview_sdk contains a function base::download() which opens a file and outputs it. It is unknown if these functions would be accessible by an attacker.
No escaping of SQL, either in the plugin or in plainview_sdk.
No escaping of HTML.
Reason for the 'Use with caution' result
The plugin contains or is likely to contain a vulnerability which could be exploited by a privileged user to affect the site’s confidentiality, integrity or availability in a manner exceeding their privileges:
The plugin contains unsafe calls to exec(), however it is unknown if this code is used. Lack of SQL escaping.