bbP topic count

Sanitization missing for register_setting().

Offloading images, js, css, and other scripts to your servers or any remote service is disallowed.

Unescaped parameter $type used in $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->posts, $wpdb->postmeta\t\r\n\tWHERE $wpdb->posts.post_type = '$type'\r\n\tAND ( $wpdb->posts.post_status = 'publish' OR $wpdb->posts.post_status = 'private' )\r\n\tAND $wpdb->posts.post_author = '$user_id'\r\n\tAND $wpdb->posts.ID = $wpdb->postmeta.post_id \r\n AND $wpdb->postmeta.meta_key = '_bbp_forum_id'\r\n AND $wpdb->postmeta.meta_value = '$forum' ")\n$type assigned unsafely at line 143:\n $type = bbp_get_reply_post_type()

Processing form data without nonce verification.

$_GET['tab'] not unslashed before sanitization. Use wp_unslash() or similar

Detected usage of a non-sanitized input variable: $_GET['tab']

Use of a direct database call is discouraged.

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

Unescaped parameter $where used in $wpdb->get_var("SELECT COUNT(*) FROM {$wpdb->posts} $where AND post_parent = '$forum' ")\n$where assigned unsafely at line 134:\n $where = get_posts_by_author_sql( bbp_get_topic_post_type(), true, $user_id ) \n$forum used without escaping.\n$user_id used without escaping.

Use placeholders and $wpdb->prepare(); found interpolated variable $where at "SELECT COUNT(*) FROM {$wpdb->posts} $where AND post_parent = '$forum' "