Emailed Author: There are issues with your plugin code. Please read this ENTIRE email, address all listed issues, and reply to this email with your corrected code attached. It is required for you to read and reply to these emails, and failure to do so will result in your plugin being rejected.
## Please sanitize and validate your POST calls
You are not properly sanitizing your POST/GET/REQUEST calls.
All instances where $_POST data is inserted into the database, or into a file, MUST be properly sanitized for security. This also holds true for $_REQUEST calls that are processed. In addition, by sanitizing your POST data when used to make action calls or URL redirects, you will lessen the possibility of XSS vulnerabilities.
Using stripslashes or trim is not enough, you need to use the Input Validation methods, or things similar, to protect your plugin. The ultimate goal is that you should ensure that invalid data is NEVER processed.
Please review this document and update your code accordingly: http://codex.wordpress.org/Validating_Sanitizing_and_Escaping_User_Data
## Unsafe SQL calls
When making database calls, it's highly important to protect your code from SQL injection vulnerabilities. You need to update your code to use prepare() with your queries to protect them.
Please review the following:
* http://codex.wordpress.org/Class_Reference/wpdb#Protect_Queries_Against_SQL_Injection_Attacks
* http://codex.wordpress.org/Data_Validation#Database
* http://make.wordpress.org/core/2012/12/12/php-warning-missing-argument-2-for-wpdb-prepare/
* http://ottopress.com/2013/better-know-a-vulnerability-sql-injection/
----
Please make sure you've addressed ALL issues brought up in this email. When you've corrected your code, reply to this email with the updated code attached as a zip, or provide a link to the new code for us to review. If you have questions, concerns, or need clarification, please reply to this email and just ask us.