Simple Lightbox

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$this'.

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '__'.

Unescaped parameter $q used in $wpdb->get_results($q)\n$q assigned unsafely at line 1076:\n $q = $wpdb->prepare( "SELECT post_id, meta_value FROM $wpdb->postmeta WHERE `meta_key` = %s AND LOWER(`meta_value`) IN $uris_flat LIMIT %d", '_wp_attached_file', count( $uris_base ) )\n$uris_flat assigned unsafely at line 1075:\n $uris_flat = "('" . implode( "','", array_keys( $uris_base ) ) . "')"

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$this'.

The use of function eval() is forbidden

Use placeholders and $wpdb->prepare(); found $q

mt_rand() is discouraged. Use the far less predictable wp_rand() instead.

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$out'.

load_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed.

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$this'.