YARPP – Yet Another Related Posts Plugin

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$add_image_size_by_yarpp".

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '" name='include_post_type[{$post_type->name}]' id='include_post_type_{$post_type->name}' value='true' /> <label for='include_post_type_{$post_type->name}'>"'.

Use of a direct database call is discouraged.

$_GET[&#039;_wpnonce&#039;] not unslashed before sanitization. Use wp_unslash() or similar

Detected usage of a non-sanitized input variable: $_GET[&#039;_wpnonce&#039;]

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

Use placeholders and $wpdb->prepare(); found $args

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

Processing form data without nonce verification.

Detected usage of a possibly undefined superglobal array index: $_GET[&#039;page&#039;]. Check that the array index exists before using it.

A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

Use placeholders and $wpdb-&gt;prepare(); found interpolated variable $charset_collate at \t\t\t)$charset_collate;&quot;

Function "get_user_count()" requires WordPress 4.8.0, but your plugin minimum supported version is WordPress 3.7.0.

All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: &quot;get_the_score&quot;.

Attempting a database schema change is discouraged.

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: &quot;clean&quot;.

Using exclusionary parameters, like exclude, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information.

In footer ($in_footer) is not set explicitly wp_enqueue_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header.

Unescaped parameter $charset_collate used in $wpdb-&gt;query()\n$charset_collate assigned unsafely at line 157.

Unescaped parameter $in used in $wpdb->query()\n$in assigned unsafely at line 908.

Found usage of constant "STYLESHEETPATH". Use get_stylesheet_directory() instead.

Missing $domain parameter in function call to __().

The $text parameter must be a single text string literal. Found: 'There is a new beta (%s) of Yet Another Related Posts Plugin. ' .\n 'You can <a href="%s">download it here</a> at your own risk.'

The plugin name includes a restricted term. Your chosen plugin name - "YARPP - Yet Another Related Posts Plugin" - contains the restricted term "plugin" which cannot be used at all in your plugin name.