Event Organiser

Mismatched text domain. Expected 'event-organiser' but got 'eventorganiser'.

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"<div id='{$id}_content' class='eo-widget-cal-wrap' data-eo-widget-cal-id='{$id}' >"'.

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: &quot;_eo_format_datetime_range&quot;.

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: &quot;$EO_Errors&quot;.

A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

Processing form data without nonce verification.

All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

Detected usage of a non-sanitized input variable: $_COOKIE[&#039;eo_admin_cal_last_view&#039;]

Use of a direct database call is discouraged.

Missing $domain parameter in function call to __().

$_COOKIE[&#039;eo_admin_cal_last_view&#039;] not unslashed before sanitization. Use wp_unslash() or similar

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

Detected usage of a possibly undefined superglobal array index: $_FILES[&#039;ics&#039;][&#039;tmp_name&#039;]. Check that the array index exists before using it.

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: &quot;add_meta_boxes_event_page_venues&quot;.

Processing form data without nonce verification.

Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: &quot;EO_Admin_Notice_Handler&quot;.

The parameter "$args" at position #2 of get_terms() has been deprecated since WordPress version 4.5.0. Instead do not pass the parameter.

Using exclusionary parameters, like exclude, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information.

Use placeholders and $wpdb->prepare(); found $delete_columns

Use placeholders and $wpdb-&gt;prepare(); found interpolated variable $eventorganiser_venue_table at &quot; SELECT venue_slug, venue_address, venue_postal, venue_country, venue_lng, venue_lat, venue_description FROM $eventorganiser_venue_table&quot;

Unescaped parameter $delete_columns used in $wpdb->query()\n$delete_columns assigned unsafely at line 205.

Attempting a database schema change is discouraged.

Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: &quot;DATETIMEOBJ&quot;.

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$duration_str'.