Easy WP SMTP – WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more

Use of a direct database call is discouraged.

Unescaped parameter $attachment_files_table used in $wpdb->query()\n$attachment_files_table assigned unsafely at line 103.

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$as_queue_runner".

$_POST['sd_code'] not unslashed before sanitization. Use wp_unslash() or similar

Processing form data without nonce verification.

Processing form data without nonce verification.

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '" is less than iv length {$this->iv_num_bytes}"'.

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "admin_head".

Detected usage of a non-sanitized input variable: $_GET['sendlayer_quick_connect_disconnect_result']

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$help_text'.

Translatable string should not be wrapped in HTML. Found: '<p><a href="%1$s" target="_blank" rel="noopener noreferrer">Brevo</a> (formerly Sendinblue) is a transactional email provider and email marketing platform. It’s suitable for businesses of all sizes, as it offers scalable pricing plans that can grow with you. New business owners can use the free plan to send up to 300 emails a day without providing credit card details. As your needs change, you can upgrade to increase your sending limits.</p>'

Detected usage of a possibly undefined superglobal array index: $_POST['swpsmtp_smtp_host']. Check that the array index exists before using it.

unlink() is discouraged. Use wp_delete_file() to delete a file.

The plugin name includes a restricted term. Your chosen plugin name - "Easy WP SMTP – WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more" - contains the restricted term "wordpress" which cannot be used at all in your plugin name.

Function "wp_timezone()" requires WordPress 5.3.0, but your plugin minimum supported version is WordPress 5.2.0.

load_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed.

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "swpsmtp_settings".

A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

The use of function set_time_limit() is discouraged

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.

print_r() found. Debug code should not normally be used in production.

var_dump() found. Debug code should not normally be used in production.

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: is_writeable().