This plugin displays all the comments received on your various posts in a single page with filter, enabling the readers to read all the comments in a …
| Code | Message | Location | Category | |
|---|---|---|---|---|
| ERROR | PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $post_type used in $wpdb->get_results("\n SELECT * \n FROM $wpdb->comments as c\n INNER JOIN $wpdb->posts as p \n ON c.comment_post_ID = p.ID\n WHERE p.post_type IN($post_type) AND p.ID NOT IN($exclude_post) AND p.ID IN($sac_posts) AND c.comment_approved = 1 \n ORDER BY c.comment_date $order \n ")\n$post_type assigned unsafely at line 363:\n $post_type = "'" . $post_type . "'"\n$post_type assigned unsafely at line 362:\n $post_type = implode("','", $post_type)\n$post_type assigned unsafely at line 285:\n $post_type = array($_REQUEST['sac_post_types'])\n$exclude_post assigned unsafely at line 365:\n $exclude_post = implode(',', $exclude_post)\n$exclude_post assigned unsafely at line 316:\n $exclude_post = explode(',', $exclude_post)\n$exclude_post assigned unsafely at line 315:\n $exclude_post = get_option('bt_exclude_post')\n$sac_posts assigned unsafely at line 383:\n $sac_posts = $_REQUEST['sac_posts']\n$_REQUEST['sac_post_types'] used without escaping.\n$_REQUEST['sac_posts'] used without escaping. | 384:40 | Security |
| ERROR | WordPress.WP.I18n.MissingArgDomain | Missing $domain parameter in function call to _e(). | 119:166 | General |
| ERROR | WordPress.Security.EscapeOutput.UnsafePrintingFunction | All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'. | 119:166 | Security |
| ERROR | WordPress.WP.I18n.MissingArgDomain | Missing $domain parameter in function call to _e(). | 120:165 | General |
| ERROR | WordPress.Security.EscapeOutput.UnsafePrintingFunction | All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'. | 120:165 | Security |
| ERROR | WordPress.WP.I18n.MissingArgDomain | Missing $domain parameter in function call to _e(). | 126:43 | General |
| ERROR | WordPress.Security.EscapeOutput.UnsafePrintingFunction | All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'. | 126:43 | Security |
| ERROR | WordPress.WP.I18n.MissingArgDomain | Missing $domain parameter in function call to _e(). | 129:172 | General |
| ERROR | WordPress.Security.EscapeOutput.UnsafePrintingFunction | All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'. | 129:172 | Security |
| ERROR | WordPress.WP.I18n.MissingArgDomain | Missing $domain parameter in function call to _e(). | 130:171 | General |
| 16.11.2025, 03:37:36 | 10s | 55 | 107 | 92 |