Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"<a class=\"add-new-h2\" href=\"$url\">"'.

Short PHP opening tag used with echo; expected "<?php echo ! ..." but found "<?= ! ..."

Processing form data without nonce verification.

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: &quot;$_plan&quot;.

$_COOKIE[WP_PPRESS_SESSION_COOKIE] not unslashed before sanitization. Use wp_unslash() or similar

Processing form data without nonce verification.

A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

Detected usage of a possibly undefined superglobal array index: $_FILES[&#039;wpua-file&#039;][&#039;name&#039;]. Check that the array index exists before using it.

All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.

Detected usage of a non-sanitized input variable: $_COOKIE[WP_PPRESS_SESSION_COOKIE]

Use of a direct database call is discouraged.

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: &quot; ppress_md_profile_cpf&quot;.

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

Missing $domain parameter in function call to __().

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

Use of heredoc syntax (<<<) is not allowed; use standard strings or inline HTML instead

Multiple placeholders in translatable strings should be ordered. Expected "%1$d, %2$s", but got "%d, %s" in 'Maximum upload file size: %d%s.'.

Use placeholders and $wpdb-&gt;prepare(); found interpolated variable $customer_Table at LEFT JOIN $customer_Table AS customer on customer.user_id = user.id \n

Unescaped parameter $order_table used in $wpdb-&gt;get_var()\n$order_table assigned unsafely at line 224.

Use placeholders and $wpdb->prepare(); found $args

No PHP code was found in this file and short open tags are not allowed by this install of PHP. This file may be using short open tags but PHP does not allow them.

Unescaped parameter $customer_Table used in $wpdb->get_results()\n$customer_Table assigned unsafely at line 126.

In footer ($in_footer) is not set explicitly wp_enqueue_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header.

Mismatched text domain. Expected 'wp-user-avatar' but got 'mailoptin'.

strip_tags() is discouraged. Use the more comprehensive wp_strip_all_tags() instead.