Media Cleaner: Clean your WordPress!

All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.

All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$issue'.

Unescaped parameter $table_scan used in $wpdb->get_results($wpdb->prepare( "SELECT id, type, postId, path, size, ignored, deleted, issue, time\n\t\t\t\t\t\tFROM $table_scan\n\t\t\t\t\t\t$whereSql\n\t\t\t\t\t\tAND path LIKE %s\n\t\t\t\t\t\t$orderSql\n\t\t\t\t\t\tLIMIT %d, %d", ( '%' . $search . '%' ), $skip, $limit\n\t\t\t\t\t))\n$table_scan assigned unsafely at line 792:\n $table_scan = $wpdb->prefix . "mclean_scan"\n$total assigned unsafely at line 874:\n $total = $this->count_trash($search)\n$search assigned unsafely at line 790:\n $search = sanitize_text_field( $request->get_param('search') )\nNote: sanitize_text_field() is not a safe escaping function.\n$request used without escaping.

Use placeholders and $wpdb->prepare(); found $q

unlink() is discouraged. Use wp_delete_file() to delete a file.

A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$wpdb'.

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '__'.

load_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed.