angelleye / paypal-security-for-wordpress

A security scanner for WordPress that looks for PayPal concerns and provides feedback.
GNU Affero General Public License v3.0

Sanitize, escape, and validate POST calls. #35

Closed angelleye closed 8 years ago

angelleye commented 8 years ago

Apparently we have some issues with our POST/GET/REQUEST methods that we need to adjust before WordPress will approve this plugin.

When you include POST/GET/REQUEST calls in your plugin, it's important to sanitize, validate, and escape them.

All instances where $_POST data is inserted into the database, or into a file, MUST be properly sanitized for security. This also holds true for $_REQUEST calls that are processed. In addition, by sanitizing your POST data when used to make action calls or URL redirects, you will lessen the possibility of XSS vulnerabilities. You should never have a raw POST call inserted into the database, even by an update function, and even with a prepare() call.

In addition to sanitization, you should validate all your calls. If a $_POST call should only be a number, ensure it's an int() before you pass it through anything. Even if you're sanitizing or using WordPress functions to ensure things are safe, we ask you please validate for sanity's sake. Any time you are adding data to the database, it should be the right data.

Similarly, when you're outputting data, make sure to escape it properly, so it can't hijack admin screens. There are many esc_*() functions you can use to make sure you don't show people the wrong data.

In all cases, using stripslashes is not enough. You need to use the correct methods associated with the type of content you're processing. The ultimate goal is that you should ensure that invalid and unsafe data is NEVER processed or displayed. Clean everything, check everything, escape everything, and never trust the users to always have input sane data.

http://codex.wordpress.org/Validating_Sanitizing_and_Escaping_User_Data
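As an added example (not code from this repository, and not from the WordPress plugin review team), here is one admin settings handler written to the four rules in the comment above: sanitize each request value with the function that matches its type, validate it before storing, pass only the validated copy to the database (even through prepare()), and escape every value on output with the esc_*() function for its context. The option key `ppsec_settings`, the admin-post action `ppsec_save_settings`, the nonce name `ppsec_nonce` and the table `{$wpdb->prefix}ppsec_scan_log` are hypothetical names chosen for this illustration; every WordPress function called is a real core function.

```php
<?php
/**
 * Added example, not code from angelleye/paypal-security-for-wordpress.
 * Assumed (hypothetical) names: option 'ppsec_settings', admin-post action
 * 'ppsec_save_settings', nonce 'ppsec_nonce', table {$wpdb->prefix}ppsec_scan_log.
 */

// admin_post_{action} only fires for logged-in users; capability and nonce are still checked.
add_action( 'admin_post_ppsec_save_settings', 'ppsec_handle_save_settings' );

function ppsec_handle_save_settings() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.', 'ppsec' ) );
    }
    // Dies unless the field written by wp_nonce_field() carries a valid nonce.
    check_admin_referer( 'ppsec_save_settings', 'ppsec_nonce' );

    // 1. Sanitize. WordPress adds slashes to superglobals, so wp_unslash() first,
    //    then the sanitizer for the field's type (email, integer, key). stripslashes() alone is not enough.
    $email    = isset( $_POST['merchant_email'] ) ? sanitize_email( wp_unslash( $_POST['merchant_email'] ) ) : '';
    $interval = isset( $_POST['scan_interval'] ) ? absint( wp_unslash( $_POST['scan_interval'] ) ) : 0;
    $mode     = isset( $_POST['scan_mode'] ) ? sanitize_key( wp_unslash( $_POST['scan_mode'] ) ) : '';

    // 2. Validate. Sanitized is not the same as correct: check each value against what the field may hold.
    $errors = array();
    if ( ! is_email( $email ) ) {
        $errors[] = 'email';
    }
    if ( $interval < 1 || $interval > 168 ) { // hours: one hour to one week
        $errors[] = 'interval';
    }
    if ( ! in_array( $mode, array( 'quick', 'full' ), true ) ) {
        $errors[] = 'mode';
    }
    if ( ! empty( $errors ) ) {
        // Redirect with a short status built from fixed strings; raw POST values never reach the URL.
        wp_safe_redirect( add_query_arg( array( 'page' => 'ppsec', 'ppsec_error' => implode( ',', $errors ) ), admin_url( 'options-general.php' ) ) );
        exit;
    }

    // 3. Store only the validated copies.
    update_option( 'ppsec_settings', array(
        'merchant_email' => $email,
        'scan_interval'  => $interval,
        'scan_mode'      => $mode,
    ) );

    // prepare() handles quoting, but what goes into it is still the sanitized, validated data, not $_POST.
    global $wpdb;
    $wpdb->query( $wpdb->prepare(
        "INSERT INTO {$wpdb->prefix}ppsec_scan_log (merchant_email, scan_mode, created_at) VALUES (%s, %s, %s)",
        $email,
        $mode,
        current_time( 'mysql' )
    ) );

    wp_safe_redirect( add_query_arg( array( 'page' => 'ppsec', 'updated' => '1' ), admin_url( 'options-general.php' ) ) );
    exit;
}

// 4. Escape on output, choosing the function for the context: esc_attr() inside attributes,
//    esc_html() in element text, esc_url() for URLs. Stored values are treated as untrusted too.
function ppsec_render_settings_form() {
    $settings = wp_parse_args( get_option( 'ppsec_settings', array() ), array(
        'merchant_email' => '',
        'scan_interval'  => 24,
        'scan_mode'      => 'quick',
    ) );
    // A GET value is request data as well: sanitize it before it is used at all.
    $error = isset( $_GET['ppsec_error'] ) ? sanitize_text_field( wp_unslash( $_GET['ppsec_error'] ) ) : '';
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="ppsec_save_settings" />
        <?php wp_nonce_field( 'ppsec_save_settings', 'ppsec_nonce' ); ?>
        <?php if ( $error ) : ?>
            <p class="error"><?php echo esc_html( 'Invalid field(s): ' . $error ); ?></p>
        <?php endif; ?>
        <label>Merchant email
            <input type="email" name="merchant_email" value="<?php echo esc_attr( $settings['merchant_email'] ); ?>" />
        </label>
        <label>Scan interval (hours)
            <input type="number" name="scan_interval" min="1" max="168" value="<?php echo esc_attr( (string) $settings['scan_interval'] ); ?>" />
        </label>
        <select name="scan_mode">
            <?php foreach ( array( 'quick', 'full' ) as $m ) : ?>
                <option value="<?php echo esc_attr( $m ); ?>" <?php selected( $settings['scan_mode'], $m ); ?>><?php echo esc_html( ucfirst( $m ) ); ?></option>
            <?php endforeach; ?>
        </select>
        <?php submit_button(); ?>
    </form>
    <?php
}
```

The order matters: unslash, then sanitize, then validate, then store, and escape only at the point of output. Sanitizing at output time or escaping at storage time are the two mistakes that most often lead reviewers to flag a handler like this, because the first leaves bad data in the database and the second produces double-escaped text that is then "fixed" by removing escaping elsewhere.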