The tool is very useful, but extremely dangerous! Even when disabled in /wp-admin/plugins.php, the PHP files can still be accessed directly. They require no authentication whatsoever but offer full access to the database.
The only limit I found is that you have to guess the database name and prefix, which is not so hard in most cases.
I've disclosed all details to the author, but got no reply at all.
@Author: please fix this