Name: Media File Rename, Unused File Cleaner & CSV Export Import – Add Alt for Image SEO – Media Library Tools
Rating: 4.7
Author: Tiny Solutions

Issues Details

121 issues found in latest scan

	Code	Message	Location	Category
ERROR	`WordPress.DateTime.RestrictedFunctions.date_date`	date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.	`338:39`	—
ERROR	`WordPress.Security.EscapeOutput.OutputNotEscaped`	All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$plugin_name'.	`167:46`	Security
ERROR	`WordPress.DB.PreparedSQL.NotPrepared`	Use placeholders and $wpdb->prepare(); found $ids_to_update	`183:26`	Security
ERROR	`WordPress.Security.EscapeOutput.OutputNotEscaped`	All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$plugin_name'.	`169:69`	Security
ERROR	`WordPress.DB.PreparedSQL.NotPrepared`	Use placeholders and $wpdb->prepare(); found $date_query	`343:32`	Security
ERROR	`WordPress.DateTime.RestrictedFunctions.date_date`	date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.	`349:18`	—
ERROR	`WordPress.Security.EscapeOutput.OutputNotEscaped`	All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$message'.	`53:88`	Security
ERROR	`PluginCheck.Security.DirectDB.UnescapedDBParameter`	Unescaped parameter $query used in $wpdb->get_results($query)\n$query assigned unsafely at line 980:\n $query = $wpdb->prepare(\n\t\t\t\t"SELECT * FROM $table_name WHERE status IN ( $placeholders_status ) AND file_type IN ( $extensions ) LIMIT %d OFFSET %d",\n\t\t\t\t$limit,\n\t\t\t\t$offset\n\t\t\t)\n$table_name assigned unsafely at line 964:\n $table_name = $wpdb->prefix . 'tsmlt_unlisted_file'\n$placeholders_status assigned unsafely at line 975:\n $placeholders_status = implode( ', ', $in_statuses )\n$extensions assigned unsafely at line 958:\n $extensions = implode( ', ', $extensions )\n$extensions assigned unsafely at line 951:\n $extensions = array_map(\n\t\t\tfunction ( $extension ) {\n\t\t\t\treturn "'" . esc_sql( $extension ) . "'";\n\t\t\t},\n\t\t\t$extensions\n\t\t)\n$in_statuses assigned unsafely at line 968:\n $in_statuses = array_map(\n\t\t\tfunction ( $status ) {\n\t\t\t\treturn "'" . esc_sql( $status ) . "'";\n\t\t\t},\n\t\t\t$in_statuses\n\t\t)\n$status assigned unsafely at line 946:\n $status = $parameters['fileStatus'] ?? 'show'\n$extension used without escaping.\n$parameters['fileStatus'] used without escaping.	`985:27`	Security
ERROR	`PluginCheck.Security.DirectDB.UnescapedDBParameter`	Unescaped parameter $query used in $wpdb->get_col($query)\n$query assigned unsafely at line 208:\n $query = $wpdb->prepare(\n\t\t\t"SELECT m.post_id FROM {$table_meta} AS m\n\t\tJOIN {$table_posts} AS p ON m.post_id = p.ID\n\t\tWHERE m.meta_key = '_elementor_data'\n\t\tAND m.meta_value LIKE %s\n\t\tAND {$useless_types_conditions}",\n\t\t\t$searchValue\n\t\t)\n$useless_types_conditions assigned unsafely at line 203:\n $useless_types_conditions = self::$useless_types_conditions	`216:17`	Security
ERROR	`WordPress.DB.PreparedSQL.NotPrepared`	Use placeholders and $wpdb->prepare(); found $query	`216:26`	Security

121 total row(s)

Media File Rename, Unused File Cleaner & CSV Export Import – Add Alt for Image SEO – Media Library Tools

Security103

Performance5

Plugin Repository2