Plugin inspection:

WordPress Post Tabs PRO

Use with caution

Last revised:

Confidence: Medium
This plugin has been given a short, targeted code review.

Before using this plugin, you should carefully consider these findings. Read more about this recommendation.

Findings

This plugin contains several instances where SQL statements contain user-submitted data but are not safely prepared. Although it appears that none of these usages are easily exploitable, this is concerning.
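The pattern behind this finding, as an added illustration that is not code from the Post Tabs PRO plugin: the same lookup written with request data interpolated into the query, and written with `$wpdb->prepare()` placeholders plus type coercion at the boundary. It assumes a WordPress environment (`$wpdb`, `absint()`, `sanitize_text_field()`); the table name and function names are assumptions.

```php
<?php
// Added example, not plugin code. Assumes WordPress is loaded ($wpdb available).
// Table name 'post_tabs' and the pt_* function names are assumptions.

// Unprepared: the value from the request becomes part of the SQL text verbatim.
// This is the shape of statement the finding above describes.
function pt_get_tab_unprepared( $tab_id ) {
    global $wpdb;
    $table = $wpdb->prefix . 'post_tabs';
    return $wpdb->get_row( "SELECT * FROM {$table} WHERE id = {$tab_id}" );
}

// Prepared: the value is bound through a placeholder, and an id is coerced to a
// non-negative integer before it gets anywhere near the query.
function pt_get_tab_prepared( $tab_id ) {
    global $wpdb;
    $table  = $wpdb->prefix . 'post_tabs';   // not user-controlled: built from the site prefix
    $tab_id = absint( $tab_id );             // ids are integers; anything else becomes 0
    if ( 0 === $tab_id ) {
        return null;                         // refuse rather than query with a bad id
    }
    $sql = $wpdb->prepare( "SELECT * FROM {$table} WHERE id = %d", $tab_id );
    return $wpdb->get_row( $sql );
}

// Strings use %s (prepare() quotes and escapes them). A LIKE pattern additionally needs
// $wpdb->esc_like() so that % and _ supplied by the user are matched literally.
function pt_find_tabs_by_title( $title ) {
    global $wpdb;
    $table = $wpdb->prefix . 'post_tabs';
    $like  = '%' . $wpdb->esc_like( sanitize_text_field( $title ) ) . '%';
    $sql   = $wpdb->prepare( "SELECT id, title FROM {$table} WHERE title LIKE %s", $like );
    return $wpdb->get_results( $sql );
}

// Typical call site inside a request handler: the raw request value only ever
// reaches the prepared variant.
function pt_handle_tab_request() {
    $requested = isset( $_GET['tab'] ) ? $_GET['tab'] : 0;
    return pt_get_tab_prepared( $requested );
}
```

When reviewing code like this, the check is mechanical: every `$wpdb->query()`, `get_row()`, `get_var()` or `get_results()` call should receive either a constant string or the return value of `$wpdb->prepare()`; a query string built with interpolation or concatenation of anything that originated in `$_GET`, `$_POST`, a shortcode attribute or a stored option is what this finding refers to.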

It makes extensive use of the PHP ‘extract’ function, and it is not clear that all these uses are safe.
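Why `extract()` on an externally supplied array is hard to audit, as an added example that is not taken from the plugin: `extract()` turns every key of the array into a local variable, so a key chosen by the caller can replace a variable the function set deliberately. The explicit alternative names the accepted keys and drops everything else. Function and key names are assumptions; it is plain PHP so it runs without WordPress.

```php
<?php
// Added example, not plugin code. Names are assumptions; plain PHP, no WordPress needed.

// Risky pattern: every key in $atts becomes a local variable. If $atts carries an
// 'escape' key, the deliberate default on the first line is silently overwritten,
// and a reviewer cannot tell from this function alone which keys callers may send.
function pt_tab_class_with_extract( array $atts ) {
    $escape = true;                          // intended: always HTML-escape the class
    extract( $atts );                        // may redefine $escape, $class, anything
    $class = isset( $class ) ? $class : 'tab';
    return $escape ? htmlspecialchars( $class, ENT_QUOTES, 'UTF-8' ) : $class;
}

// Explicit pattern: declare the accepted keys with defaults, keep only those keys from
// the input, and leave internal state (the escaping decision) out of the input's reach.
function pt_tab_class_explicit( array $atts ) {
    $defaults = array( 'class' => 'tab', 'count' => 1 );
    // array_intersect_key keeps only keys that exist in $defaults; unknown keys such as
    // 'escape' are discarded before array_merge fills in the defaults.
    $args  = array_merge( $defaults, array_intersect_key( $atts, $defaults ) );
    $class = (string) $args['class'];
    return htmlspecialchars( $class, ENT_QUOTES, 'UTF-8' );
}

// Constructed input: a caller passing an unexpected 'escape' key alongside a class
// value that contains markup.
$atts = array( 'class' => 'tab"><b>x</b>', 'escape' => false );

echo pt_tab_class_with_extract( $atts ), PHP_EOL;   // escaping was switched off by the input
echo pt_tab_class_explicit( $atts ), PHP_EOL;       // the 'escape' key was never consulted
```

`extract( $atts, EXTR_SKIP )` prevents overwriting variables that already exist at the point of the call, but it does not protect variables assigned later in the function and still leaves the set of accepted keys undocumented, which is why a reviewer has to trace every call individually.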

Finally, the code contains several extremely large functions which extensively mix logic and HTML output, which makes them difficult to follow and difficult to assess clearly.

Reason for the 'Use with caution' result

The plugin meets a large number of failure criteria and is of poor quality, leading the tester to fear that subsequent versions of the plugin are likely to introduce vulnerabilities:

This plugin executes unprepared SQL statements

Failure criteria

  • Execution of unprepared SQL statements
  • Unsafe generation of PHP code
  • Poor coding style

Read more about our failure criteria.