The first (and biggest problem) with this plugin is, that it doesn’t generate the code with the plugin code. The plugin is just a proxy that calls a remote server that produces some code and then downloads it into the WP installation. So the owner of the remote server has your installation in his hands. He could send you any sort of code he wants, opening backdoors, hijacking your complete installation.
The other problem is that the code of the plugin is crap. It takes any incoming POST response and just uses it without validation or sanitization. But this is just another security concern.
Long story short: Don’t use this plugin. Simply don’t.
- The topic ‘Don't use this plugin’ is closed to new replies.