The FindInPath function is vulnerable to directory traversal attacks, potentially permitting attackers to execute arbitrary binaries.
This function does not sanitize its plugin parameter, so parameter names containing "../" or other such elements may reference arbitrary locations on the filesystem.