Our Plugin Security Checker Warned of Misuse of esc_sql() in WordPress Plugin That Leads to SQL Injection Vulnerability
One of the things we offer to help people keep their WordPress websites protected from vulnerabilities in WordPress plugins is our Plugin Security Checker, which flags some instances of possible security issues in plugins.
To keep improving the results the tool produces, we occasionally check the issues it flags when people run plugins from the WordPress plugin directory through it. Recently the plugin Code Manager was run through it. One of the issues identified was the possible misuse of the esc_sql() function.