Stop Contact Form 7 Spam & WPForms Spam – Free Protection

Use placeholders and $wpdb->prepare(); found $sql

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "grunion_optimize_table".

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$csv_content'.

Use of a direct database call is discouraged.

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

Unescaped parameter $table_name used in $wpdb->get_row($wpdb->prepare(\n "SELECT * FROM {$table_name} WHERE allow_deny = %s AND type = %s AND value = %s",\n $where['allow_deny'],\n $where['type'],\n $where['value']\n ))\n$table_name assigned unsafely at line 188:\n $table_name = $wpdb->prefix . 'fwantispam_allow_deny'\n$csv_data assigned unsafely at line 185:\n $csv_data = array_map( "str_getcsv", explode( "\\n", $csv_file_data ) )\n$row used without escaping.\n$row[0] used without escaping.\n$csv_file_data assigned unsafely at line 183:\n $csv_file_data = file_get_contents( $movefile['file'] )\n$movefile['file'] used without escaping.

Use placeholders and $wpdb->prepare(); found interpolated variable {$table_name} at "SELECT * FROM {$table_name} WHERE allow_deny = %s AND type = %s AND value = %s"

Use of a direct database call is discouraged.

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

Use of a direct database call is discouraged.