SureForms – Drag & Drop Contact Form & Form Builder, Payment Form, Survey, Quiz & Calculator

Mismatched text domain. Expected 'sureforms' but got 'action-scheduler'.

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"The bulk action $action does not have a callback method"'.

Use of a direct database call is discouraged.

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "admin_memory_limit".

Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "Advanced_Heading".

Missing $domain parameter in function call to __().

Unescaped parameter $column_name used in $wpdb->get_var()

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$bg_color".

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "as_enqueue_async_action".

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$block_attrs'.

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "$filter_name".

A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

Function "wp_get_abilities()" requires WordPress 6.9.0, but your plugin minimum supported version is WordPress 6.4.0.

Use placeholders and $wpdb->prepare(); found interpolated variable {$action_id_string} at "UPDATE {$wpdb->actionscheduler_actions} SET claim_id = 0 WHERE action_id IN ({$action_id_string})"

var_export() found. Debug code should not normally be used in production.

File and folder names must not contain spaces or special characters.

The use of function ini_set() is discouraged

date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.

Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "BSF_ANALYTICS_URI".

error_log() found. Debug code should not normally be used in production.

unlink() is discouraged. Use wp_delete_file() to delete a file.

Resource version not set in call to wp_enqueue_script(). This means new versions of the script may not always be loaded due to browser caching.

Found call to wp_enqueue_script() with external resource. Offloading scripts to your servers or any remote service is disallowed.