- A lot of unescaped data is interpolated into SQL. In one case the only thing preventing SQL injection is the magic_quotes_gpc emulation applied to request data (see the taxonomy parameter used in YARPP_Admin::ajax_display_exclude_terms); that escaping only helps where the value lands inside a quoted string literal, so it is a fragile thing to rely on.
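The pattern behind that finding, modelled as an added example (this is not YARPP's code and not from the inspection): a request parameter interpolated into a term-taxonomy lookup, run against an in-memory SQLite table standing in for wp_term_taxonomy, with the magic_quotes_gpc step emulated by `magic_quotes()`. It goes beyond the finding to show why the protection is fragile: escaping quotes neutralises a payload only where the value sits inside a quoted literal, and does nothing in a numeric (unquoted) context, whereas bound parameters handle both. The table, column names, sample rows, payloads and every function name are constructed for the illustration.

```python
"""Model of the SQL-interpolation pattern flagged in the finding above.

Not YARPP code: an in-memory SQLite table stands in for wp_term_taxonomy, and
magic_quotes() stands in for the magic_quotes_gpc / addslashes() step applied
to request data.  Table, columns, rows and payloads are all constructed.
"""
import sqlite3

# Constructed rows: (term_taxonomy_id, taxonomy, term_id)
SAMPLE_TERMS = [
    (1, "category", 10),
    (2, "category", 11),
    (3, "post_tag", 12),
    (4, "hidden_tax", 99),
]


def open_db() -> sqlite3.Connection:
    """Create the stand-in table and load the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE term_taxonomy "
        "(term_taxonomy_id INTEGER, taxonomy TEXT, term_id INTEGER)"
    )
    conn.executemany("INSERT INTO term_taxonomy VALUES (?, ?, ?)", SAMPLE_TERMS)
    return conn


def magic_quotes(value: str) -> str:
    """Stand-in for magic_quotes_gpc: escape quotes in incoming request data.

    PHP's addslashes() prefixes quotes with a backslash, which MySQL honours;
    SQLite only understands standard quote doubling, so this model doubles
    quotes instead.  Either way the escape has an effect only when the value
    ends up inside a quoted SQL string literal.
    """
    return value.replace("'", "''")


def term_ids_quoted(conn: sqlite3.Connection, taxonomy: str, escaped: bool) -> list:
    """Vulnerable pattern: request value interpolated into a quoted literal.

    Without the magic-quotes step a quote in the payload closes the literal
    and the rest of the payload is parsed as SQL; with it the payload stays
    inside the string and matches nothing.
    """
    if escaped:
        taxonomy = magic_quotes(taxonomy)
    sql = f"SELECT term_id FROM term_taxonomy WHERE taxonomy = '{taxonomy}'"
    return sorted(row[0] for row in conn.execute(sql))


def term_ids_unquoted(conn: sqlite3.Connection, term_taxonomy_id: str, escaped: bool) -> list:
    """Same mistake in a numeric context: no quotes around the value at all.

    A payload such as "1 OR 1=1" contains no quote, so magic_quotes() returns
    it unchanged and the escaping offers no protection whatsoever.
    """
    if escaped:
        term_taxonomy_id = magic_quotes(term_taxonomy_id)
    sql = f"SELECT term_id FROM term_taxonomy WHERE term_taxonomy_id = {term_taxonomy_id}"
    return sorted(row[0] for row in conn.execute(sql))


def term_ids_prepared(conn: sqlite3.Connection, taxonomy: str, term_taxonomy_id: int) -> list:
    """Fix: bind the values instead of interpolating them.

    Bound parameters are never parsed as SQL, so the same payloads are treated
    as (non-matching) data, and the numeric argument is cast so a non-numeric
    payload is rejected outright.  In WordPress this role is played by
    $wpdb->prepare() with %s and %d placeholders.
    """
    sql = (
        "SELECT term_id FROM term_taxonomy "
        "WHERE taxonomy = ? AND term_taxonomy_id = ?"
    )
    params = (taxonomy, int(term_taxonomy_id))
    return sorted(row[0] for row in conn.execute(sql, params))


def run_demo() -> dict:
    """Run every variant against the same payloads and collect the results."""
    conn = open_db()
    quoted_payload = "' OR '1'='1"
    numeric_payload = "1 OR 1=1"
    return {
        "quoted_unescaped": term_ids_quoted(conn, quoted_payload, escaped=False),
        "quoted_escaped": term_ids_quoted(conn, quoted_payload, escaped=True),
        "numeric_unescaped": term_ids_unquoted(conn, numeric_payload, escaped=False),
        "numeric_escaped": term_ids_unquoted(conn, numeric_payload, escaped=True),
        "prepared_legit": term_ids_prepared(conn, "category", 1),
        "prepared_payload": term_ids_prepared(conn, quoted_payload, 1),
    }


if __name__ == "__main__":
    for name, ids in run_demo().items():
        print(f"{name:18} -> {ids}")
```

The quoted case shows exactly the situation the finding describes: the injection fails only because the quote was escaped upstream. The numeric case shows what happens when the same coding habit meets a parameter that is not quoted, and the prepared variant is the fix for both; in a WordPress plugin that means building every query through `$wpdb->prepare()` rather than string concatenation.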
Reason for the 'Use with caution' result
The plugin contains or is likely to contain a vulnerability which could be exploited by a privileged user to affect the site’s confidentiality, integrity or availability in a manner exceeding their privileges:
- May allow SQL injection
Read more about our failure criteria.
| Failure criterion |
|---|
| Execution of unprepared SQL statements |
We conduct these inspections for our own use, and publish them in the hope that they may be useful to others. We don't guarantee that these findings are correct.
Please read this site's terms of service before taking any action based on information published here.
- Tom Adams
- Last revised: September 26, 2017
- Versions tested
- Plugin homepage: Yet Another Related Posts Plugin (YARPP)