SEOPress – AI SEO Plugin & On-site SEO

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$add_to_cart_option".

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$backdrop'.

Processing form data without nonce verification.

$_POST[$value] not unslashed before sanitization. Use wp_unslash() or similar

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "postmeta_form_limit".

Processing form data without nonce verification.

Use of a direct database call is discouraged.

Detected usage of a non-sanitized input variable: $_FILES['import_file']['name']

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.

Function "wp_get_ability_category()" requires WordPress 6.9.0, but your plugin minimum supported version is WordPress 6.5.0.

Use placeholders and $wpdb->prepare(); found $post_types

Unescaped parameter $post_types used in $wpdb->get_results()\n$post_types assigned unsafely at line 31.

Use placeholders and $wpdb->prepare(); found interpolated variable $blog_id at "SELECT * FROM $table_name WHERE blog_id = $blog_id"

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "add_bulk_action_filters".

Detected usage of meta_query, possible slow query.

Detected usage of a possibly undefined superglobal array index: $_FILES['import_file']['name']. Check that the array index exists before using it.

Using exclusionary parameters, like exclude, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information.

Detected usage of tax_query, possible slow query.

The plugin name includes a restricted term. Your chosen plugin name - "SEOPress - AI SEO Plugin & On-site SEO" - contains the restricted term "plugin" which cannot be used at all in your plugin name.

load_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed.

Unescaped parameter $table_name used in $wpdb->get_results()\n$table_name assigned unsafely at line 23.

SQL wildcards for a LIKE query should be passed in through a replacement parameter. Found: LIKE '\_%%'.

date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "$value['filter']".