Plugin Name: Traffic Counter Widget Plugin

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$before_title'.

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$options["wp_wtc_WidgetTitle"]'.

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$after_title'.

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$after_widget'.

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$options['wp_wtc_WidgetText_LastWeek']'.

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$options['wp_wtc_WidgetText_LastMonth']'.

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$options['wp_wtc_WidgetText_Online']'.

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$options['wp_wtc_WidgetTitle']'.

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$options['wp_wtc_WidgetText_Visitors']'.

Unescaped parameter $sql used in $wpdb->get_var($sql)\n$sql assigned unsafely at line 134:\n $sql .= ' AND IS_BOT <> 1'\n$sql assigned unsafely at line 131:\n $sql .= ' AND IS_HIT = 1 '\n$sql assigned unsafely at line 128:\n $sql = "SELECT COUNT(".($unique ? "DISTINCT IP" : "*").") FROM $table_name where Time > ".$stime\n$options['wp_wtc_WidgetText_bots_filter'] used without escaping.\n$table_name assigned unsafely at line 124:\n $table_name = $wpdb->prefix . "wtc_log"\n$options assigned unsafely at line 125:\n $options = get_wtc_options()