Easily add tracking code snippets, conversion pixels, or other scripts required by third party services for analytics, marketing, or chat features.
| Code | Message | Location | Category | |
|---|---|---|---|---|
| ERROR | WordPress.Security.EscapeOutput.UnsafePrintingFunction | All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'. | 1022:27 | Security |
| ERROR | WordPress.DB.PreparedSQL.NotPrepared | Use placeholders and $wpdb->prepare(); found $sql | 86:36 | Security |
| ERROR | PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $nnr_alter_sql used in $wpdb->query($nnr_alter_sql)\n$nnr_alter_sql assigned unsafely at line 172:\n $nnr_alter_sql = "ALTER TABLE `{$table_name}` ADD `spt_display_on` enum('both','posts','archives') NOT NULL DEFAULT 'both' AFTER `s_tags`"\n$table_name assigned unsafely at line 112:\n $table_name = $wpdb->prefix . self::$nnr_hfcm_table | 173:32 | Security |
| ERROR | WordPress.Security.EscapeOutput.UnsafePrintingFunction | All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'. | 1039:31 | Security |
| ERROR | WordPress.WP.I18n.NonSingularStringLiteralText | The $text parameter must be a single text string literal. Found: $message | 1039:34 | General |
| ERROR | PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $nnr_hfcm_snippets_sql used in $wpdb->get_results($wpdb->prepare(\r\n $nnr_hfcm_snippets_sql,\r\n $nnr_hfcm_snippet_placeholder_args\r\n ))\n$nnr_hfcm_snippets_sql assigned unsafely at line 471:\n $nnr_hfcm_snippets_sql .= " AND location NOT IN ( 'header', 'footer' )"\n$nnr_hfcm_snippets_sql assigned unsafely at line 468:\n $nnr_hfcm_snippets_sql .= " AND location=%s"\n$script assigned unsafely at line 473:\n $script = $wpdb->get_results(\r\n $wpdb->prepare(\r\n $nnr_hfcm_snippets_sql,\r\n $nnr_hfcm_snippet_placeholder_args\r\n )\r\n )\n$nnr_hfcm_snippet_placeholder_args assigned unsafely at line 469:\n $nnr_hfcm_snippet_placeholder_args[] = $location\n$nnr_hfcm_snippet_placeholder_args[] used without escaping.\n$location used without escaping. | 473:30 | Security |
| ERROR | WordPress.DB.PreparedSQL.NotPrepared | Use placeholders and $wpdb->prepare(); found $nnr_hfcm_snippets_sql | 475:21 | Security |
| ERROR | WordPress.Security.EscapeOutput.OutputNotEscaped | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$out'. | 624:34 | Security |
| ERROR | WordPress.DB.PreparedSQL.NotPrepared | Use placeholders and $wpdb->prepare(); found $nnr_alter_sql | 173:38 | Security |
| ERROR | WordPress.Security.EscapeOutput.OutputNotEscaped | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found 'admin_url'. | 1059:41 | Security |
| 11/12/2025, 4:03:11 PM | 14s | 48 | 114 | 136 |