| Code | Message | Location | Category | |
|---|---|---|---|---|
| ERROR | WordPress.Security.EscapeOutput.OutputNotEscaped | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$redirectUrl'. | 653:41 | Security |
| ERROR | PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $sql used in $wpdb->get_results($wpdb->prepare($sql,$request_noslash,$request_noslash."/"))\n$sql assigned unsafely at line 149:\n $sql = "SELECT $wpdb->posts.ID, $wpdb->postmeta.meta_value, $wpdb->posts.post_type FROM $wpdb->posts ".\n "LEFT JOIN $wpdb->postmeta ON ($wpdb->posts.ID = $wpdb->postmeta.post_id) WHERE ".\n " meta_key = 'custom_permalink' AND ".\n " meta_value != '' AND ".\n " (LOWER(meta_value) = LOWER('%s') OR ".\n " LOWER(meta_value) = LOWER('%s') ) ".\n " AND post_status!=\\"trash\\" AND post_type != \\"nav_menu_item\\" ". $forcematch .\n " ORDER BY LENGTH(meta_value) DESC,\n\t\t\t\t FIELD(post_status,\\"publish\\",\\"private\\",\\"draft\\",\\"auto-draft\\",\\"inherit\\"),\n\t\t\t\t FIELD(post_type,\\"post\\",\\"page\\"),\n\t\t\t\t $wpdb->posts.ID ASC "\n$forcematch assigned unsafely at line 145:\n $forcematch = " AND $wpdb->posts.ID = ".intval($_GET['preview_id'])." "\n$query used without escaping. | 161:18 | Security |
| ERROR | WordPress.DB.PreparedSQL.NotPrepared | Use placeholders and $wpdb->prepare(); found $sql | 161:45 | Security |
| ERROR | PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $sql used in $wpdb->get_results($wpdb->prepare($sql,$request_noslash,$request_noslash."/"))\n$sql assigned unsafely at line 220:\n $sql = "SELECT $wpdb->posts.ID, $wpdb->postmeta.meta_value, $wpdb->posts.post_type FROM $wpdb->posts ".\n\t\t\t\t"LEFT JOIN $wpdb->postmeta ON ($wpdb->posts.ID = $wpdb->postmeta.post_id) WHERE ".\n\t\t\t\t" meta_key = 'custom_permalink' AND ".\n\t\t\t\t" meta_value != '' AND ".\n\t\t\t\t" (LOWER(meta_value) = LOWER('%s') OR ".\n\t\t\t\t" LOWER(meta_value) = LOWER('%s') ) ".\n\t\t\t\t" AND post_status!=\\"trash\\" AND post_type != \\"nav_menu_item\\" ". $forcematch .\n\t\t\t\t" ORDER BY LENGTH(meta_value) DESC,\n\t\t\t\t FIELD(post_status,\\"publish\\",\\"private\\",\\"draft\\",\\"auto-draft\\",\\"inherit\\"),\n\t\t\t\t FIELD(post_type,\\"post\\",\\"page\\"),\n\t\t\t\t $wpdb->posts.ID ASC LIMIT 1"\n$forcematch assigned unsafely at line 215:\n $forcematch = " AND $wpdb->posts.ID = ".intval($_GET['preview_id'])." "\n$request assigned unsafely at line 205:\n $request = (($pos=strpos($request, '?')) ? substr($request, 0, $pos) : $request)\n$request assigned unsafely at line 204:\n $request = ltrim(substr($_SERVER['REQUEST_URI'], strlen($url)),'/')\n$pos assigned unsafely at line 205:\n $pos=strpos($request, '?'\n$_SERVER['REQUEST_URI'] used without escaping.\n$url assigned unsafely at line 203:\n $url = isset($url['path']) ? $url['path'] : ''\n$url['path'] used without escaping. | 232:18 | Security |
| ERROR | WordPress.DB.PreparedSQL.NotPrepared | Use placeholders and $wpdb->prepare(); found $sql | 232:45 | Security |
| ERROR | WordPress.WP.I18n.MissingArgDomain | Missing $domain parameter in function call to __(). | 364:51 | General |
| ERROR | WordPress.WP.I18n.MissingArgDomain | Missing $domain parameter in function call to __(). | 364:69 | General |
| ERROR | WordPress.WP.I18n.MissingArgDomain | Missing $domain parameter in function call to __(). | 376:25 | General |
| ERROR | WordPress.Security.EscapeOutput.UnsafePrintingFunction | All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'. | 398:15 | Security |
| ERROR | WordPress.WP.I18n.TextDomainMismatch | Mismatched text domain. Expected 'enhanced-custom-permalinks' but got 'custom-permalink'. | 398:38 | General |
| 15.11.2025, 03:02:07 | 14s | 65 | 50 | 82 |