Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder

Use placeholders and $wpdb->prepare(); found $action_query

Processing form data without nonce verification.

Use of a direct database call is discouraged.

Use placeholders and $wpdb->prepare(); found interpolated variable $table_name at "SELECT COUNT(form_id) FROM $table_name"

Unescaped parameter $action_query used in $wpdb->query()\n$action_query assigned unsafely at line 113.

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$this'.

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$arrow_image".

Function "get_user()" requires WordPress 6.7.0, but your plugin minimum supported version is WordPress 6.5.0.

Missing $domain parameter in function call to __().

Unescaped parameter $this->store->table_gutenaforms_entries used in $wpdb->get_results()

Detected usage of meta_key, possible slow query.

Detected usage of meta_value, possible slow query.

date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.

wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.

$_GET['orderby'] not unslashed before sanitization. Use wp_unslash() or similar

Editor blocks must define "apiVersion" 3 or higher in block.json for WordPress 7.0+ iframe editor compatibility.

Found call to wp_enqueue_script() with external resource. Offloading scripts to your servers or any remote service is disallowed.

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "is_gutena_forms_pro".

All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.

Detected usage of a non-sanitized input variable: $_REQUEST['form_entry_id']

Plugin name "Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder" is different from the name declared in plugin header "Gutena Forms - Contact Forms Block".

Tested up to: 6.9 < 7.0. The "Tested up to" value in your plugin is not set to the current version of WordPress. This means your plugin will not show up in searches, as we require plugins to be compatible and documented as tested up to the most recent version of WordPress.