Source Information:
- Plugin:
- Version:
- File:
- Last Change: Revision , by , 11 years ago

Potential Vulnerabilities:
- Missing Nonce: The code uses within an statement checking for , which means nonces might not be properly enforced in some cases.
- Unsanitized Input: Some input values are directly echoed back via without sanitization, increasing the risk of XSS attacks.
- Direct Output of User Input: Values from and the array are often echoed directly, which could lead to injection attacks.
- Insecure File Handling: No validation is done on the parameter used to include content ( ), potentially allowing path traversal or template injection.
- Deprecated PHP Functions: The use of older PHP syntax (e.g., ) may indicate outdated coding practices, which can introduce vulnerabilities.

Code Review Recommendations:
- Add checks for nonce usage outside of the conditional statement.
- Sanitize all input before displaying or using it in dynamic content.
- Validate file inclusions to prevent path traversal attacks.
- Update code to follow modern PHP security best practices.
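
The first three recommendations, shown together as an added example that is not code from the reviewed plugin: a hypothetical settings-page handler that verifies the nonce before any branch reads the request, escapes values on output, and includes a template only from an allow-list. Every `myplugin_*` name, the tab slugs and the template paths are assumptions; the WordPress functions called are core APIs.

```php
<?php
// Added example. Every myplugin_* name, the tab slugs and the template
// paths are hypothetical; the WordPress functions are core APIs.

// Allow-list: tab slug => template file. Nothing else can be included.
function myplugin_tabs() {
    return array(
        'general'  => 'tab-general.php',
        'advanced' => 'tab-advanced.php',
    );
}

function myplugin_resolve_tab( $requested ) {
    // Reject arrays and other non-string input, then normalise the slug.
    $slug = is_string( $requested ) ? sanitize_key( $requested ) : '';
    // Unknown slugs, including traversal attempts, fall back to the default.
    return array_key_exists( $slug, myplugin_tabs() ) ? $slug : 'general';
}

function myplugin_render_settings_page() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'You are not allowed to manage these settings.', 'myplugin' ) );
    }

    // The nonce is verified for every POST before any branch reads the
    // data, not only inside a branch that tests for one particular field.
    if ( 'POST' === $_SERVER['REQUEST_METHOD'] ) {
        check_admin_referer( 'myplugin_save', 'myplugin_nonce' ); // dies on failure
        if ( isset( $_POST['myplugin_title'] ) && is_string( $_POST['myplugin_title'] ) ) {
            $clean = sanitize_text_field( wp_unslash( $_POST['myplugin_title'] ) );
            update_option( 'myplugin_title', $clean );
        }
    }

    $tabs  = myplugin_tabs();
    $tab   = myplugin_resolve_tab( isset( $_GET['tab'] ) ? $_GET['tab'] : '' );
    $title = get_option( 'myplugin_title', '' );
    ?>
    <h2><?php echo esc_html( $title ); ?></h2>
    <form method="post">
        <?php wp_nonce_field( 'myplugin_save', 'myplugin_nonce' ); ?>
        <input type="text" name="myplugin_title" value="<?php echo esc_attr( $title ); ?>">
        <?php submit_button(); ?>
    </form>
    <?php
    // The path is built from the allow-list value, never from the request.
    include plugin_dir_path( __FILE__ ) . 'templates/' . $tabs[ $tab ];
}
```

The same stored value is escaped twice with different functions because the output context differs: `esc_html()` for element content, `esc_attr()` inside the `value` attribute.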