- Values are put into SQL without escaping
- Does not appear to sanitise data from
$_REQUESTbefore putting it into URLs (but the URLs appear to be escaped correctly using esc_url())
- No other issues found
Read more about our failure criteria.
|Execution of unprepared SQL statements|
We conduct these inspections for our own use, and publish them in the hope that they may be useful to others. We don't guarantee that these findings are correct.
Please read this site's terms of service before taking any action based on information published here.
- Tom Adams
- Last revised
- March 16, 2017
- Versions tested
- Plugin homepage
- CMS Page Order
- Other versions