Import users into your WordPress or WooCommerce site, including their metadata, using a CSV file.
| Code | Message | Location | Category | |
|---|---|---|---|---|
| ERROR | PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $post_id used in $wpdb->get_results("SELECT * FROM {$wpdb->prefix}ultimate_csv_importer_shortcode_manager WHERE post_id='{$post_id}' AND media_id = '{$attach_id}'")\n$post_id used without escaping.\n$attach_id assigned unsafely at line 91:\n $attach_id = $attachment_id[0]['ID']\n$attachment_id[0]['ID'] used without escaping. | 94:28 | Security |
| ERROR | WordPress.WP.I18n.TextDomainMismatch | Mismatched text domain. Expected 'import-users' but got 'wp-ultimate-csv-importer'. | 61:276 | General |
| ERROR | WordPress.WP.AlternativeFunctions.unlink_unlink | unlink() is discouraged. Use wp_delete_file() to delete a file. | 53:5 | Plugin Repo |
| ERROR | PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $data_array['user_pass'] used in $wpdb->get_results("UPDATE {$wpdb->prefix}users SET user_pass = '{$data_array['user_pass']}' WHERE ID = $retID")\n$data_array['user_pass'] assigned unsafely at line 85:\n $data_array['user_pass']=wp_hash_password($data_array['user_pass'])\n$data_array['user_pass'] assigned unsafely at line 74:\n $data_array['user_pass'] = wp_generate_password( 12, false )\n$retID assigned unsafely at line 95:\n $retID = wp_insert_user($data_array)\n$data_array assigned unsafely at line 69:\n $data_array = apply_filters('smack_csv_modify_userdata_filter', $data_array) | 98:12 | Security |
| ERROR | WordPress.WP.AlternativeFunctions.parse_url_parse_url | parse_url() is discouraged because of inconsistency in the output across PHP versions; use wp_parse_url() instead. | 63:10 | Plugin Repo |
| ERROR | PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $image_title used in $wpdb->get_results("SELECT ID FROM {$wpdb->prefix}posts WHERE post_type = 'attachment' AND guid LIKE '%$image_title%'")\n$image_title assigned unsafely at line 71:\n $image_title=preg_replace('/\\\\.[^.\\\\s]{3,4}$/', '', $img_url)\n$img_url assigned unsafely at line 62:\n $img_url = urldecode($encodedurl)\n$encodedurl assigned unsafely at line 61:\n $encodedurl = urlencode($img_url) | 83:29 | Security |
| ERROR | WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound | Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "uci_init". | 102:24 | Plugin Repo |
| ERROR | PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $post_id used in $wpdb->get_var("SELECT post_title FROM {$wpdb->prefix}posts WHERE ID = '{$post_id}' AND post_status != 'trash'")\n$post_id used without escaping. | 402:24 | Security |
| ERROR | WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound | Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$userimp_class". | 114:1 | Plugin Repo |
| ERROR | PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $attach_id used in $wpdb->get_results("SELECT ID FROM {$wpdb->prefix}posts WHERE ID ='{$attach_id}' AND post_title ='image-failed' AND post_type = 'attachment' AND guid LIKE '%$image_title%'")\n$attach_id assigned unsafely at line 91:\n $attach_id = $attachment_id[0]['ID']\n$image_title assigned unsafely at line 71:\n $image_title=preg_replace('/\\\\.[^.\\\\s]{3,4}$/', '', $img_url)\n$attachment_id[0]['ID'] used without escaping.\n$img_url assigned unsafely at line 62:\n $img_url = urldecode($encodedurl)\n$encodedurl assigned unsafely at line 61:\n $encodedurl = urlencode($img_url) | 92:25 | Security |
| 11/14/2025, 4:34:47 AM | 11s | 61 | 35 | 131 |