This plugin is a full OAuth 2.0 authorization server/provider for WordPress. The goal of WP OAuth Server is to provide an easy to use authorization method that 3rd party platforms can use to securely authorize users from your WordPress site.
Again, this is just like a $wpdb->prepare() in many ways. It is sanitizing and securing the $_GET variables. Yes, this is in the /wp-admin/ but STILL important and best practice. This should be done throughout the project.
This is the last issue I have time for and then I am going to create a fork. But in /includes/actions.php (just as one example) you have:
This needs to be:
$url = add_query_arg( [ 'page' => 'wo_server_status' ], admin_url() ); wp_safe_redirect( $url );
Again, this is just like a $wpdb->prepare() in many ways. It is sanitizing and securing the $_GET variables. Yes, this is in the /wp-admin/ but STILL important and best practice. This should be done throughout the project.