Emailed Author: ## Please sanitize your POST calls
You are not properly sanitizing your POST/GET/REQUEST calls.
if(isset( $_POST['wpes_consumer_key'])){
update_option('wpes_consumer_key', $_POST['wpes_consumer_key']);
update_option('wpes_consumer_secret', $_POST['wpes_consumer_secret']);
update_option('wpes_dissearched', $_POST['wpes_dissearched']);
update_option('wpes_count', $_POST['wpes_count']);
}
All instances where $_POST data is inserted into the database, or into a file, MUST be properly sanitized for security. This also holds true for $_REQUEST calls that are processed. In addition, by sanitizing your POST data, you will lessen the possibility of XSS vulnerabilities.
Using stripslashes is not enough, you need to use the Input Validation methods, or things similar, to protect your plugin. The ultimate goal is that you should ensure that invalid data is NEVER processed.
Please review this document and update your code accordingly: http://codex.wordpress.org/Validating_Sanitizing_and_Escaping_User_Data
When you've corrected your code, reply to this email with the updated code attached as a zip, or provide a link to the new code for us to review.