WP Mail SMTP by WPForms – The Most Popular SMTP and Email Log Plugin

Use of a direct database call is discouraged.

Unescaped parameter $attachment_files_table used in $wpdb->query()\n$attachment_files_table assigned unsafely at line 143.

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$am_announcement_params".

Processing form data without nonce verification.

Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "WPMS_PHP_VER".

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "admin_head".

A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

Processing form data without nonce verification.

The plugin name includes a restricted term. Your chosen plugin name - "WP Mail SMTP by WPForms - The Most Popular SMTP and Email Log Plugin" - contains the restricted term "plugin" which cannot be used at all in your plugin name.

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$error'.

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$help_text'.

unlink() is discouraged. Use wp_delete_file() to delete a file.

In footer ($in_footer) is not set explicitly wp_enqueue_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header.

load_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed.

The use of function set_time_limit() is discouraged

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

print_r() found. Debug code should not normally be used in production.

var_dump() found. Debug code should not normally be used in production.

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: is_writeable().

Missing $domain parameter in function call to esc_html__().

Plugin name "WP Mail SMTP by WPForms - The Most Popular SMTP and Email Log Plugin" is different from the name declared in plugin header "WP Mail SMTP".

The "/vendor" directory using composer exists, but "composer.json" file is missing.

The "Network" header in the plugin file is not valid. Can only be set to true, and should be left out when not needed.

Missing "License" in Plugin Header. Please update your Plugin Header with a valid GPLv2 (or later) compatible license.