Sanitização plugin WordPress

Desenvolvemos um plugin para WordPress e precisamos realizar alguns ajustes apontado no processo de code review. When you include POST/GET/REQUEST/FILE calls in your plugin, it's important to sanitize, validate, and escape them. The goal here is to prevent a user from accidentally sending trash data through the system, as well as protecting them from potential security issues. SANITIZE: Data that is input (either by a user or automatically) must be sanitized. This lessens the possibility of XSS vulnerabilities and MITM attacks where posted data is subverted. VALIDATE: All data should be validated as much as possible. Even when you sanitize, remember that you don’t want someone putting in ‘dog’ when the only valid values are numbers. ESCAPE: Data that is output must be escaped properly, so it can't hijack admin screens. There are many esc_*() functions you can use to make sure you don't show people the wrong data. To help you with this, WordPress comes with a number of sanitization and escaping functions. You can read about those here: * [login to view URL] * [login to view URL] Remember: You must use the MOST appropriate functions for the context. If you’re sanitizing email, use sanitize_email(), if you’re outputting HTML, use esc_html(), and so on. Clean everything, check everything, escape everything, and never trust the users to always have input sane data. Some examples from your plugin: $orderStatuses = $_POST[$this->plugin_id . $this->id . '_order_statuses']; $wcStatusName = $_POST['woocommerce_allvorpay_order_statuses'][$cgStatusName];