- SQL is not escaped where it is executed
- Forms in the back-end are not properly escaped, but they all appear to require nonces
Reason for the 'Use with caution' result
The plugin contains or is likely to contain a vulnerability which could be exploited by a privileged user to affect the site’s confidentiality, integrity or availability in a manner exceeding their privileges:
Might contain SQLi.