Security fixes #11
Triggered via pull request
September 23, 2024 13:52
lloc
Status
Failure
Total duration
2m 46s
Artifacts
–
Annotations
10 errors and 10 warnings
|
WordPress.Security.EscapeOutput.OutputNotEscaped:
includes/MslsPlugin.php#L105
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found 'msls_output'.
|
|
WordPress.Security.EscapeOutput.OutputNotEscaped:
includes/MslsPostTag.php#L74
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$json'.
|
|
WordPress.Security.EscapeOutput.OutputNotEscaped:
includes/MslsPostTag.php#L163
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$title_format'.
|
|
WordPress.Security.EscapeOutput.OutputNotEscaped:
includes/MslsPostTag.php#L182
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$item_format'.
|
|
WordPress.Security.EscapeOutput.OutputNotEscaped:
includes/MslsPostTag.php#L182
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$icon'.
|
|
WordPress.Security.EscapeOutput.OutputNotEscaped:
includes/MslsCustomColumn.php#L97
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$icon'.
|
|
WordPress.Security.EscapeOutput.OutputNotEscaped:
includes/MslsPostTagClassic.php#L80
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$title_format'.
|
|
WordPress.Security.EscapeOutput.OutputNotEscaped:
includes/MslsPostTagClassic.php#L80
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$this'.
|
|
WordPress.Security.EscapeOutput.OutputNotEscaped:
includes/MslsPostTagClassic.php#L129
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$item_format'.
|
|
WordPress.Security.EscapeOutput.OutputNotEscaped:
includes/MslsPostTagClassic.php#L129
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$language'.
|
|
WordPressVIPMinimum.Performance.WPQueryParams.PostNotIn_post__not_in:
includes/MslsCustomFilter.php#L81
Using exclusionary parameters, like post__not_in, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information.
|
|
WordPress.Security.NonceVerification.Recommended:
includes/ContentImport/Importers/WithRequestPostAttributes.php#L31
Processing form data without nonce verification.
|
|
WordPress.Security.NonceVerification.Recommended:
includes/ContentImport/Importers/WithRequestPostAttributes.php#L35
Processing form data without nonce verification.
|
|
WordPress.Security.NonceVerification.Missing:
includes/ContentImport/ContentImporter.php#L156
Processing form data without nonce verification.
|
|
WordPress.Security.NonceVerification.Missing:
includes/ContentImport/ContentImporter.php#L169
Processing form data without nonce verification.
|
|
WordPress.Security.NonceVerification.Missing:
includes/ContentImport/ContentImporter.php#L173
Processing form data without nonce verification.
|
|
WordPress.Security.NonceVerification.Recommended:
includes/ContentImport/ContentImporter.php#L198
Processing form data without nonce verification.
|
|
WordPress.Security.NonceVerification.Recommended:
includes/ContentImport/ContentImporter.php#L198
Processing form data without nonce verification.
|
|
WordPress.Security.NonceVerification.Recommended:
includes/ContentImport/ContentImporter.php#L199
Processing form data without nonce verification.
|
|
WordPress.Security.NonceVerification.Missing:
includes/ContentImport/ContentImporter.php#L381
Processing form data without nonce verification.
|