Add-on to the free Advanced Access Manager plugin that protects media files from direct access for visitors, roles or users
| Type | Code | Message | Location | Category |
|---|---|---|---|---|
| ERROR | plugin_header_invalid_license | Invalid License: This file is subject to the terms and conditions defined in. Please update your Plugin Header with a valid GPLv2 (or later) compatible license. | — | Plugin Repo |
| ERROR | WordPress.Security.EscapeOutput.OutputNotEscaped | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '__'. | 175:18 | Security |
| ERROR | WordPress.Security.EscapeOutput.OutputNotEscaped | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '__'. | 177:18 | Security |
| ERROR | WordPress.Security.EscapeOutput.OutputNotEscaped | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '__'. | 179:18 | Security |
| ERROR | PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $pm_query used in $wpdb->get_var($wpdb->prepare(\n $pm_query,\n array(\n '_wp_attached_file',\n ltrim($relpath_base, '/'),\n ltrim($relpath_full, '/')\n )\n ))\n$pm_query assigned unsafely at line 188:\n $pm_query .= "AND (meta_value = %s OR meta_value = %s)"\n$id assigned unsafely at line 190:\n $id = $wpdb->get_var(\n $wpdb->prepare(\n $pm_query,\n array(\n '_wp_attached_file',\n ltrim($relpath_base, '/'),\n ltrim($relpath_full, '/')\n )\n )\n )\n$relpath_base assigned unsafely at line 184:\n $relpath_base = str_replace($basedir['basedir'], '', $s)\n$relpath_full assigned unsafely at line 185:\n $relpath_full = str_replace($basedir['basedir'], '', $file_path)\n$basedir['basedir'] used without escaping.\n$s assigned unsafely at line 177:\n $s = preg_replace('/(-[\\d]+x[\\d]+)(\\.[\\w]+)$/', '$2', $file_path)\n$file_path assigned unsafely at line 174:\n $file_path = $this->_getFileFullpath() | 190:22 | Security |
| ERROR | WordPress.DB.PreparedSQL.NotPrepared | Use placeholders and $wpdb->prepare(); found $pm_query | 192:17 | Security |
| ERROR | WordPress.WP.AlternativeFunctions.file_system_operations_readfile | File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: readfile(). | 303:13 | Plugin Repo |
| ERROR | PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $pm_query used in $wpdb->get_var($wpdb->prepare($pm_query,\n '_wp_attachment_metadata',\n '%:"' . $wpdb->esc_like($s) . '";%'\n ))\n$pm_query assigned unsafely at line 151:\n $pm_query .= "AND meta_value LIKE %s"\n$id assigned unsafely at line 153:\n $id = $wpdb->get_var($wpdb->prepare($pm_query,\n '_wp_attachment_metadata',\n '%:"' . $wpdb->esc_like($s) . '";%'\n ))\n$s assigned unsafely at line 140:\n $s = basename($file_path)\n$file_path assigned unsafely at line 137:\n $file_path = $this->_prepare_file_absolute_path() | 153:22 | Security |
| ERROR | WordPress.DB.PreparedSQL.NotPrepared | Use placeholders and $wpdb->prepare(); found $pm_query | 153:45 | Security |
| ERROR | WordPress.WP.AlternativeFunctions.file_system_operations_readfile | File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: readfile(). | 247:13 | Plugin Repo |
| 16.11.2025, 02:20:04 | 9s | 93 | 12 | 10 |