Prep Plugin for release on WordPress.org

Escape everything that should be escaped.
Add nonce checks where needed.
Sanitize all inputs.
Apply Code style changes across the codebase.
Correct many deprecation notices.
Optimize load order of many filters.

views/base/centered.php

@@ -11,7 +11,7 @@
 
 	<h1 class="wp-heading-inline">
 
-		<?php echo $page_title; ?>
+		<?php echo esc_html($page_title); ?>
 
 		<?php
 		/**
@@ -34,7 +34,7 @@
 
 			<?php endif; ?>
 
-			<?php echo $action_link['label']; ?>
+			<?php echo esc_html($action_link['label']); ?>
 
 		</a>
 
@@ -52,10 +52,10 @@
 
 	</h1>
 
-	<?php if (isset($_GET['updated'])) : ?>
+	<?php if (isset($_GET['updated'])) : // phpcs:ignore WordPress.Security.NonceVerification ?>
 
 		<div id="message" class="updated notice wu-admin-notice notice-success is-dismissible below-h2">
-		<p><?php echo $labels['updated_message']; ?></p>
+		<p><?php echo esc_html($labels['updated_message']); ?></p>
 		</div>
 
 	<?php endif; ?>
@@ -98,7 +98,7 @@
 
 						<h3 class="wu-m-0 wu-widget-title">
 
-							<?php _e('Change Membership', 'wp-multisite-waas'); ?>
+							<?php esc_html_e('Change Membership', 'wp-multisite-waas'); ?>
 
 						</h3>
 
@@ -108,7 +108,7 @@
 
 						<div class="inside">
 
-							<?php echo $content; ?>
+							<?php echo wp_kses_post($content); ?>
 
 						</div>