Delete Me

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$disabled'.

Sample message

A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

Sample message

Use placeholders and $wpdb->prepare(); found $post_types_to_delete

Sample message

Multiple placeholders in translatable strings should be ordered. Expected "%1$s, %2$s", but got "%s, %s" in 'Send a text email with deletion details each time a user deletes themselves using %s. This will go to the site administrator email (i.e. %s), the same email address used for new user notification.'.

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

Sample message

Unescaped parameter $this->user_ID used in $wpdb->get_results()

Sample message

Detected usage of a non-sanitized input variable: $_SERVER['REQUEST_URI']

Sample message

$_SERVER['REQUEST_URI'] not unslashed before sanitization. Use wp_unslash() or similar

Sample message

Offloading images, js, css, and other scripts to your servers or any remote service is disallowed.

Sample message

wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.