Advanced WooCommerce product search plugin. Search inside any product field. Support for both AJAX search and search results page.
| Code | Message | Location | Category | |
|---|---|---|---|---|
| ERROR | WordPress.Security.EscapeOutput.OutputNotEscaped | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '__'. | 32:172 | Security |
| ERROR | PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $sql used in $wpdb->get_results($sql)\n$sql assigned unsafely at line 155:\n $sql = "SELECT term, count\n FROM\n {$table_name}\n WHERE\n term LIKE '{$keyword_like}'\n {$query_sources}\n {$query_stock}\n {$query_visibility}\n {$query_exclude_products}\n {$query_lang}\n GROUP BY term\n ORDER BY count DESC\n LIMIT 0, {$this->fuzzy_params['max_similar_terms']}\n "\n$keyword_like assigned unsafely at line 151:\n $keyword_like = $wpdb->esc_like( substr( $search_term, 0, $this->fuzzy_params['term_like_prefix'] ) ) . "%"\n$query_sources assigned unsafely at line 143:\n $query_sources = sprintf( ' AND term_source IN ( %s )', $search_in_arr_string )\n$query_stock assigned unsafely at line 146:\n $query_stock = isset( $this->data['query_params'] ) && isset( $this->data['query_params']['stock'] ) ? $this->data['query_params']['stock'] : ''\n$query_visibility assigned unsafely at line 147:\n $query_visibility = isset( $this->data['query_params'] ) && isset( $this->data['query_params']['visibility'] ) ? $this->data['query_params']['visibility'] : ''\n$query_exclude_products assigned unsafely at line 148:\n $query_exclude_products = isset( $this->data['query_params'] ) && isset( $this->data['query_params']['exclude_products'] ) ? $this->data['query_params']['exclude_products'] : ''\n$query_lang assigned unsafely at line 149:\n $query_lang = isset( $this->data['query_params'] ) && isset( $this->data['query_params']['lang'] ) ? $this->data['query_params']['lang'] : ''\n$search_term used without escaping.\n$search_in_arr_string assigned unsafely at line 142:\n $search_in_arr_string = rtrim( $search_in_arr_string, "," )\n$search_in_arr_string assigned unsafely at line 140:\n $search_in_arr_string .= "'" . $s_source . "',"\n$s_source used without escaping. | 170:27 | Security |
| ERROR | WordPress.DB.PreparedSQL.NotPrepared | Use placeholders and $wpdb->prepare(); found $sql | 170:40 | Security |
| ERROR | WordPressVIPMinimum.Performance.WPQueryParams.SuppressFilters_suppress_filters | Setting `suppress_filters` to `true` is prohibited. | 66:17 | Performance |
| ERROR | WordPress.Security.EscapeOutput.OutputNotEscaped | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '__'. | 33:169 | Security |
| ERROR | WordPressVIPMinimum.Performance.WPQueryParams.SuppressFilters_suppress_filters | Setting `suppress_filters` to `true` is prohibited. | 188:21 | Performance |
| ERROR | WordPress.Security.EscapeOutput.OutputNotEscaped | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '__'. | 34:171 | Security |
| ERROR | WordPressVIPMinimum.Performance.WPQueryParams.SuppressFilters_suppress_filters | Setting `suppress_filters` to `true` is prohibited. | 139:21 | Performance |
| ERROR | WordPress.Security.EscapeOutput.OutputNotEscaped | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '__'. | 40:50 | Security |
| ERROR | WordPressVIPMinimum.Performance.WPQueryParams.SuppressFilters_suppress_filters | Setting `suppress_filters` to `true` is prohibited. | 228:17 | Performance |
| 11/12/2025, 11:53:47 PM | 36s | 16 | 193 | 372 |