Ultra Addons for Contact Form 7

Mismatched text domain. Expected 'ultimate-addons-for-contact-form-7' but got "ultimate-addons-cf7".

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$action'.

$_GET['_wpnonce'] not unslashed before sanitization. Use wp_unslash() or similar

Processing form data without nonce verification.

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$field".

All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.

Detected usage of a non-sanitized input variable: $_FILES[$tag->name]

Missing $domain parameter in function call to __().

The $text parameter must be a single text string literal. Found: $background_color

A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

Processing form data without nonce verification.

Resource version not set in call to wp_enqueue_script(). This means new versions of the script may not always be loaded due to browser caching.

Detected usage of a possibly undefined superglobal array index: $_FILES[$tag->name]. Check that the array index exists before using it.

Use of a direct database call is discouraged.

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

File and folder names must not contain spaces or special characters.

Found call to wp_enqueue_script() with external resource. Offloading scripts to your servers or any remote service is disallowed.

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

The $text text string should have translatable content. Found: ""

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "after_appsero_license_section".

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "$key . '_icon'".

Function "delete_term_meta()" requires WordPress 4.4.0, but your plugin minimum supported version is WordPress 4.2.0.

Multiple placeholders in translatable strings should be ordered. Expected "%1$1s, %2$2s", but got "%1s, %2s" in 'Confused? Check our Documentation on %1s and %2s.'.

Use placeholders and $wpdb->prepare(); found interpolated variable $table_name at "SELECT * FROM $table_name WHERE form_id= %d ORDER BY submission_id DESC "

Unescaped parameter $table_name used in $wpdb->get_row()\n$table_name assigned unsafely at line 33.