Jarvis

Unescaped parameter $sql_query used in $wpdb->get_results($wpdb->prepare( $sql_query, $sql_prepared ))\n$sql_query assigned unsafely at line 73:\n $sql_query = "SELECT\r\n\t\t\t\t$wpdb->terms.term_id as 'id',\r\n\t\t\t\t$wpdb->terms.`name` as 'title',\r\n\t\t\t\t$wpdb->term_taxonomy.taxonomy as 'type',\r\n\t\t\t\t'term' as 'kind',\r\n\t\t\t\t$wpdb->terms.slug as 'slug',\r\n\t\t\t\t$wpdb->terms.term_id = %s as 'exact_id',\r\n\t\t\t\tFLOOR( (LENGTH($wpdb->terms.term_id) - LENGTH(REPLACE(LOWER($wpdb->terms.term_id), LOWER(%s), '')) / LENGTH(%s)) ) as 'relv_id',\r\n\t\t\t\tFLOOR( (LENGTH($wpdb->term_taxonomy.taxonomy) - LENGTH(REPLACE(LOWER($wpdb->term_taxonomy.taxonomy), LOWER(%s), '')) / LENGTH(%s)) ) as 'relv_title',\r\n\t\t\t\tFLOOR( (LENGTH($wpdb->terms.`name`) - LENGTH(REPLACE(LOWER($wpdb->terms.`name`), LOWER(%s), '')) / LENGTH(%s)) ) as 'relv_type',\r\n\t\t\t\tFLOOR( LENGTH($wpdb->terms.slug) / LENGTH(REPLACE(LOWER($wpdb->terms.slug), LOWER(%s), '')) ) as 'relv_slug'\r\n\t\t\tFROM\r\n\t\t\t\t$wpdb->terms\r\n\t\t\tINNER JOIN\r\n\t\t\t\t$wpdb->term_taxonomy ON $wpdb->term_taxonomy.term_id = $wpdb->terms.term_id\r\n\t\t\tWHERE\r\n\t\t\t\t$wpdb->term_taxonomy.taxonomy IN ($taxonomies_sql)\r\n\t\t\t\tAND\t(\r\n\t\t\t\t\t(\r\n\t\t\t\t\t\t$wpdb->terms.`name` LIKE %s\r\n\t\t\t\t\t\tOR\r\n\t\t\t\t\t\t$wpdb->terms.slug LIKE %s\r\n\t\t\t\t\t)\r\n\t\t\t\t\tOR\r\n\t\t\t\t\t$wpdb->terms.term_id = %s\r\n\t\t\t\t)\r\n\t\tUNION\r\n\t\t\tSELECT\r\n\t\t\t\t$wpdb->posts.ID as 'id',\r\n\t\t\t\t$wpdb->posts.post_title as 'title',\r\n\t\t\t\t$wpdb->posts.post_type as 'type',\r\n\t\t\t\t'post' as 'kind',\r\n\t\t\t\t$wpdb->posts.post_name as 'slug',\r\n\t\t\t\t$wpdb->posts.ID = %s as 'exact_id',\r\n\t\t\t\tFLOOR( (LENGTH($wpdb->posts.ID) - LENGTH(REPLACE(LOWER($wpdb->posts.ID), LOWER(%s), '')) / LENGTH(%s)) ) as 'relv_id',\r\n\t\t\t\tFLOOR( (LENGTH($wpdb->posts.post_title) - LENGTH(REPLACE(LOWER($wpdb->posts.post_title), LOWER(%s), '')) / LENGTH(%s)) ) as 'relv_title',\r\n\t\t\t\tFLOOR( (LENGTH($wpdb->posts.post_type) - LENGTH(REPLACE(LOWER($wpdb->posts.post_type), LOWER(%s), '')) / LENGTH(%s)) ) as 'relv_type',\r\n\t\t\t\tFLOOR( (LENGTH($wpdb->posts.post_name) / LENGTH(REPLACE(LOWER($wpdb->posts.post_name), LOWER(%s), '')) ) ) as 'relv_slug'\r\n\t\t\tFROM\r\n\t\t\t\t$wpdb->posts\r\n\t\t\tWHERE\r\n\t\t\t\t$wpdb->posts.post_status NOT IN ($post_stati_exclude_sql)\r\n\t\t\tAND\r\n\t\t\t\t$wpdb->posts.post_type IN ($post_types_sql)\r\n\t\t\tAND (\r\n\t\t\t\t(\r\n\t\t\t\t\t$wpdb->posts.post_title LIKE %s\r\n\t\t\t\t\tOR\r\n\t\t\t\t\t$wpdb->posts.post_name LIKE %s\r\n\t\t\t\t)\r\n\t\t\t\tOR\r\n\t\t\t\t$wpdb->posts.ID = %s\r\n\t\t\t)\r\n\t\t\tAND $wpdb->posts.ID NOT IN ($post_exclude_sql)\r\n\t\tUNION\r\n\t\t\tSELECT\r\n\t\t\t\t$wpdb->users.ID as 'id',\r\n\t\t\t\t$wpdb->users.display_name as 'title',\r\n\t\t\t\t'user' as 'type',\r\n\t\t\t\t'user' as 'kind',\r\n\t\t\t\t$wpdb->users.user_email as 'slug',\r\n\t\t\t\t$wpdb->users.ID = %s as 'exact_id',\r\n\t\t\t\tFLOOR( (LENGTH($wpdb->users.ID) - LENGTH(REPLACE(LOWER($wpdb->users.ID), LOWER(%s), '')) / LENGTH(%s)) ) as 'relv_id',\r\n\t\t\t\tFLOOR( (LENGTH($wpdb->users.display_name) - LENGTH(REPLACE(LOWER($wpdb->users.display_name), LOWER(%s), '')) / LENGTH(%s)) ) as 'relv_title',\r\n\t\t\t\t0 as 'relv_type',\r\n\t\t\t\tFLOOR( (LENGTH($wpdb->users.user_email) / LENGTH(REPLACE(LOWER($wpdb->users.user_email), LOWER(%s), '')) ) ) as 'relv_slug'\r\n\t\t\tFROM\r\n\t\t\t\t$wpdb->users\r\n\t\t\tWHERE (\r\n\t\t\t\t$wpdb->users.display_name LIKE %s\r\n\t\t\t\tOR\r\n\t\t\t\t$wpdb->users.user_email LIKE %s\r\n\t\t\t\tOR\r\n\t\t\t\t$wpdb->users.user_login LIKE %s\r\n\t\t\t)\r\n\t\t\tOR\r\n\t\t\t$wpdb->users.ID = %s\r\n\t\tORDER BY\r\n\t\t\texact_id DESC,\r\n\t\t\trelv_id DESC,\r\n\t\t\trelv_slug DESC,\r\n\t\t\trelv_type DESC,\r\n\t\t\trelv_title DESC,\r\n\t\t\tkind ASC\r\n\t\tLIMIT 20\r\n\t\t"\n$taxonomies_sql assigned unsafely at line 71:\n $taxonomies_sql = "'" . implode( "','", $taxonomies ) . "'"\n$post_stati_exclude_sql assigned unsafely at line 47:\n $post_stati_exclude_sql = "'" . implode( "','", $post_stati_exclude ) . "'"\n$post_types_sql assigned unsafely at line 35:\n $post_types_sql = "'" . implode( "','", $post_types ) . "'"\n$post_exclude_sql assigned unsafely at line 59:\n $post_exclude_sql = "'" . implode("','", $post_exclude ) . "'"\n$taxonomies assigned unsafely at line 70:\n $taxonomies = apply_filters( 'jarvis/taxonomies', array_values( get_taxonomies( [ 'show_ui' => true ] ) ) )\n$post_stati_exclude assigned unsafely at line 46:\n $post_stati_exclude = apply_filters( 'jarvis/exclude_post_stati', [ 'revision', 'auto-draft', 'trash' ] )\n$post_types assigned unsafely at line 34:\n $post_types = apply_filters( 'jarvis/include_post_types', array_values( get_post_types( [ 'show_ui' => true ] ) ) )\n$post_exclude assigned unsafely at line 58:\n $post_exclude = apply_filters( 'jarvis/exclude_post_ids', [] )

Use placeholders and $wpdb->prepare(); found $sql_query

Tested up to: 6.3 < 6.8. The "Tested up to" value in your plugin is not set to the current version of WordPress. This means your plugin will not show up in searches, as we require plugins to be compatible and documented as tested up to the most recent version of WordPress.

Your plugin has a different license declared in the readme file and plugin header. Please update your readme with a valid GPL license identifier.

Short PHP opening tag used with echo; expected "<?php echo esc_attr ..." but found "<?= esc_attr ..."

Short PHP opening tag used with echo; expected "<?php echo esc_html ..." but found "<?= esc_html ..."

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "the_title".

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "the_title".

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$this'.

Short PHP opening tag used with echo; expected "<?php echo esc_attr ..." but found "<?= esc_attr ..."