Page Builder by SiteOrigin

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$args['before_widget']'.

A function call to esc_html__() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

A function call to esc_html__() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

A function call to esc_html__() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "in_widget_form".

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "sidebar_admin_setup".

Multiple placeholders in translatable strings should be ordered. Expected "%1$s, %2$s", but got "%s, %s" in 'New Classic Editor posts/pages that you create will start with the Page Builder loaded. The %s"Use Classic Editor for New Posts"%s setting must be enabled.'.

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '__'.

A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

Unescaped parameter $include_private used in $wpdb->get_results("\n\t\t\t\tSELECT SQL_CALC_FOUND_ROWS DISTINCT ID, post_title, meta.meta_value\n\t\t\t\tFROM {$wpdb->posts} AS posts\n\t\t\t\tJOIN {$wpdb->postmeta} AS meta ON posts.ID = meta.post_id\n\t\t\t\tWHERE\n\t\t\t\t\tposts.post_type = '" . esc_sql( $post_type->name ) . "'\n\t\t\t\t\tAND meta.meta_key = 'panels_data'\n\t\t\t\t\t" . ( ! empty( $search ) ? 'AND posts.post_title LIKE "%' . esc_sql( $search ) . '%"' : '' ) . "\n\t\t\t\t\tAND ( posts.post_status = 'publish' OR posts.post_status = 'draft' " . $include_private . ')\n\t\t\t\tORDER BY post_date DESC\n\t\t\t\tLIMIT 16 OFFSET ' . (int) ( $page_num - 1 ) * 16)\n$include_private assigned unsafely at line 384:\n $include_private = $user_can_read_private ? "OR posts.post_status = 'private' " : ''\n$results assigned unsafely at line 387:\n $results = $wpdb->get_results( "\n\t\t\t\tSELECT SQL_CALC_FOUND_ROWS DISTINCT ID, post_title, meta.meta_value\n\t\t\t\tFROM {$wpdb->posts} AS posts\n\t\t\t\tJOIN {$wpdb->postmeta} AS meta ON posts.ID = meta.post_id\n\t\t\t\tWHERE\n\t\t\t\t\tposts.post_type = '" . esc_sql( $post_type->name ) . "'\n\t\t\t\t\tAND meta.meta_key = 'panels_data'\n\t\t\t\t\t" . ( ! empty( $search ) ? 'AND posts.post_title LIKE "%' . esc_sql( $search ) . '%"' : '' ) . "\n\t\t\t\t\tAND ( posts.post_status = 'publish' OR posts.post_status = 'draft' " . $include_private . ')\n\t\t\t\tORDER BY post_date DESC\n\t\t\t\tLIMIT 16 OFFSET ' . (int) ( $page_num - 1 ) * 16 )\n$post_type->name used without escaping.\n$search assigned unsafely at line 238:\n $search = ! empty( $_REQUEST['search'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['search'] ) ) : ''\nNote: sanitize_text_field() is not a safe escaping function.\n$_REQUEST['search'] used without escaping.