Prep Plugin for release on WordPress.org

Escape everything that should be escaped.
Add nonce checks where needed.
Sanitize all inputs.
Apply Code style changes across the codebase.
Correct many deprecation notices.
Optimize load order of many filters.

views/settings/fields/field-text.php

@@ -13,7 +13,7 @@
 
 		<label for="<?php echo esc_attr($field->id); ?>">
 
-		<?php echo $field->title; ?>
+		<?php echo esc_html($field->title); ?>
 
 		</label>
 
@@ -21,17 +21,17 @@
 
 	<div class="wu-w-2/3">
 
-		<input <?php echo $field->html_attr ? $field->get_html_attributes() : ''; ?>  <?php echo $field->disabled ? 'disabled="disabled"' : ''; ?> name="<?php echo esc_attr($field->id); ?>" type="<?php echo esc_attr($field->type); ?>" id="<?php echo esc_attr($field->id); ?>" class="regular-text" value="<?php echo wu_get_setting($field->id); ?>" placeholder="<?php echo $field->placeholder ?: ''; ?>">
+		<input <?php echo $field->html_attr ? $field->get_html_attributes() : ''; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped ?>  <?php echo $field->disabled ? 'disabled="disabled"' : ''; ?> name="<?php echo esc_attr($field->id); ?>" type="<?php echo esc_attr($field->type); ?>" id="<?php echo esc_attr($field->id); ?>" class="regular-text" value="<?php echo esc_attr(wu_get_setting($field->id)); ?>" placeholder="<?php echo esc_attr($field->placeholder ?: ''); ?>">
 
 		<?php if (isset($field->append) && ! empty($field->append)) : ?>
 
-			<?php echo $field->append; ?>
+			<?php echo wp_kses_post($field->append); ?>
 
 		<?php endif; ?>
 
 		<?php if ($field->desc) : ?>
 
-		<p class="description" id="<?php echo $field->id; ?>-desc">
+		<p class="description" id="<?php echo esc_attr($field->id); ?>-desc">
 
 			<?php echo $field->desc; ?>
 
@@ -43,6 +43,4 @@
 
 	</div>
 
-	<?php // if (isset($field['tooltip'])) {echo WU_Util::tooltip($field['tooltip']);} ?>
-
 </div>