Independent Analytics – WordPress Analytics Plugin

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$account_addon_ids".

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '" <a href='{$skip_url}' class='button button-small button-secondary'>{$use_plugin_anonymously_text}</a>"'.

Use placeholders and $wpdb-&gt;prepare(); found interpolated variable {$campaign_urls_table} at &quot;CREATE TABLE {$campaign_urls_table} (\n campaign_url_id bigint(20) UNSIGNED AUTO_INCREMENT,\n path varchar(2048), \n utm_source varchar(2048) NOT NULL, \n utm_medium varchar(2048) NOT NULL,\n utm_campaign varchar(2048) NOT NULL,\n utm_term varchar(2048),\n utm_content varchar(2048),\n created_at datetime NOT NULL,\n PRIMARY KEY (campaign_url_id)\n ) {$charset_collate}&quot;

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

Use of a direct database call is discouraged.

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: &quot;_fs_text&quot;.

Unescaped parameter $campaign_urls_table used in $wpdb-&gt;get_results()\n$campaign_urls_table assigned unsafely at line 87.

Attempting a database schema change is discouraged.

No PHP code was found in this file and short open tags are not allowed by this install of PHP. This file may be using short open tags but PHP does not allow them.

Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: &quot;Cache&quot;.

$_GET[$field] not unslashed before sanitization. Use wp_unslash() or similar

error_log() found. Debug code should not normally be used in production.

A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

Processing form data without nonce verification.

Processing form data without nonce verification.

Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: &quot;FS_API__ADDRESS&quot;.

Detected usage of a non-sanitized input variable: $_GET[$field]

Unescaped parameter $cities_tables used in $wpdb->query()\n$cities_tables assigned unsafely at line 75.

Missing $domain parameter in function call to __().

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$message'.

unlink() is discouraged. Use wp_delete_file() to delete a file.

In footer ($in_footer) is not set explicitly wp_enqueue_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header.

Use placeholders and $wpdb->prepare(); found $query

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: &quot;fs_plugins_api&quot;.