WP125

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$before_widget'.

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$before_title'.

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$after_title'.

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$after_widget'.

Missing $domain parameter in function call to _e().

All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.

Missing "License" in Plugin Header. Please update your Plugin Header with a valid GPLv2 (or later) compatible license.

Use placeholders and $wpdb->prepare(); found $adtable_name

Unescaped parameter $update used in $wpdb->query($update)\n$update assigned unsafely at line 33:\n $update = $wpdb->prepare("UPDATE ". $adtable_name ." SET clicks=clicks+1 WHERE id=%d", $theid)\n$adtable_name assigned unsafely at line 27:\n $adtable_name = $wpdb->prefix . "wp125_ads"\n$thead assigned unsafely at line 28:\n $thead = $wpdb->get_row($wpdb->prepare(\r\n \t\t"SELECT target FROM {$adtable_name} WHERE id = %d",\r\n \t\t$theid\r\n\t))\n$theid assigned unsafely at line 32:\n $theid = sanitize_text_field($theid)\nNote: sanitize_text_field() is not a safe escaping function.\n$theid assigned unsafely at line 25:\n $theid = $_GET['adclick']\n$_GET['adclick'] used without escaping.

Use placeholders and $wpdb->prepare(); found $update