Project: Custom Tokens
Security risk: *Critical* 16∕25
Vulnerability: Arbitrary PHP code execution
The Custom Tokens module enables you to create custom tokens for specific
replacements that can improve other modules relying on the token API.
The module doesn't sufficiently identify that its custom permissions are
risky and should only be granted to highly trusted roles.