| ERROR | PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $currency_rule used in $wpdb->get_results($wpdb->prepare( "SELECT * FROM {$table_name} WHERE product_id = %d {$currency_rule} {$hidden_rule} AND date_created >= %s ORDER BY date_created ASC", $product_id, date( 'Y-m-d', strtotime( $str_range ) ) ))\n$currency_rule assigned unsafely at line 211:\n $currency_rule = ''\n$price_history assigned unsafely at line 217:\n $price_history = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM {$table_name} WHERE product_id = %d {$currency_rule} {$hidden_rule} AND date_created >= %s ORDER BY date_created ASC", $product_id, date( 'Y-m-d', strtotime( $str_range ) ) ), ARRAY_A )\n$product_id used without escaping.\n$str_range assigned unsafely at line 216:\n $str_range = '-' . str_replace( '_', ' ', $range )\n$range assigned unsafely at line 206:\n $range = $args['range'] ?? ''\n$args['range'] used without escaping. | includes/helper.php:217:37 | Security |
| ERROR | WordPress.Security.EscapeOutput.OutputNotEscaped | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$min_prices_to_display'. | modules/chart/edit-product.php:33:224 | Security |
| ERROR | WordPress.Security.EscapeOutput.OutputNotEscaped | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$count'. | modules/chart/edit-product.php:33:248 | Security |
| ERROR | WordPress.Security.EscapeOutput.OutputNotEscaped | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$count'. | admin/edit-product.php:101:125 | Security |
| ERROR | WordPress.DateTime.RestrictedFunctions.date_date | date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead. | includes/helper.php:217:213 | — |
| ERROR | WordPress.WP.I18n.NoEmptyStrings | The $text text string should have translatable content. Found: ' ' | modules/chart/admin.php:65:52 | General |
| ERROR | WordPress.WP.I18n.NoEmptyStrings | The $text text string should have translatable content. Found: '' | modules/chart/admin.php:255:42 | General |
| ERROR | PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $currency_rule used in $wpdb->get_results($wpdb->prepare( "SELECT * FROM {$table_name} WHERE product_id = %d {$currency_rule} {$hidden_rule} ORDER BY date_created ASC", $product_id ))\n$currency_rule assigned unsafely at line 211:\n $currency_rule = ''\n$price_history assigned unsafely at line 220:\n $price_history = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM {$table_name} WHERE product_id = %d {$currency_rule} {$hidden_rule} ORDER BY date_created ASC", $product_id ), ARRAY_A )\n$product_id used without escaping. | includes/helper.php:220:37 | Security |
| ERROR | WordPress.Security.EscapeOutput.OutputNotEscaped | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$label'. | admin/settings-api.php:467:65 | Security |
| ERROR | WordPress.Security.EscapeOutput.OutputNotEscaped | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$form_id'. | admin/settings-api.php:989:32 | Security |