The WP Remote WordPress Plugin

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

Detected usage of meta_key, possible slow query.

Function "get_main_site_id()" requires WordPress 4.9.0, but your plugin minimum supported version is WordPress 4.0.0.

Unescaped parameter $query used in $wpdb->get_col()\n$query used without escaping.

Missing $domain parameter in function call to __().

A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

Detected usage of meta_value, possible slow query.

The plugin name includes a restricted term. Your chosen plugin name - "The WP Remote WordPress Plugin" - contains the restricted term "plugin" which cannot be used at all in your plugin name.

wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.

phpinfo() can lead to full path disclosure.

Resource version not set in call to wp_register_style(). This means new versions of the style may not always be loaded due to browser caching.

Plugin name "The WP Remote WordPress Plugin" is different from the name declared in plugin header "WP Remote".

Plugin Updater detected. These are not permitted in WordPress.org hosted plugins. Detected: site_transient_update_plugins

Plugin Updater detected. Detected code which may be altering WordPress update routines. Detected: auto_update_plugin