Forum Replies Created

Viewing 1 replies (of 1 total)
  • @ipstenu Thank you very much for answering.

    I would like to be a bit more specific. Let’s imagine that a developer used code similar to this:

    $id = $_POST['id'];
    $query = "SELECT * FROM mytable WHERE id=$id";

    This code is totally insecure, since it does not sanitize the value from the client (the ID), and it does not parameterize the value within the query.

    Could you tell me what is the ordinary response of WP towards similar practices?
    What if a developer submits this within their plugin to be reviewed by the WP team?
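
The two measures named in the post above (validate the client-supplied ID, then bind it as a query parameter) are shown here as an added example that is not part of the original post. It assumes PHP with the pdo_sqlite extension; the in-memory table contents, the function names and the sample inputs are constructed for illustration. In a WordPress plugin the same two steps are normally done with `absint()` and `$wpdb->prepare()` using the `%d` placeholder.

```php
<?php
// Added example: constructed table and data, PDO with in-memory SQLite.
declare(strict_types=1);

// Build a throwaway database so the example runs offline.
function open_demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE mytable (id INTEGER PRIMARY KEY, title TEXT)');
    $db->exec("INSERT INTO mytable (id, title) VALUES (1, 'first'), (2, 'second')");
    return $db;
}

/**
 * Validate the client-supplied id, then bind it as a parameter.
 * Returns the row, or null when the id is invalid or not found.
 */
function find_row(PDO $db, $rawId): ?array {
    // Step 1: validate. Accept only a positive integer, reject everything else
    // (non-numeric strings, empty values, negatives, arrays).
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // Step 2: parameterize. The value travels separately from the SQL text,
    // so it can never change the structure of the statement.
    $stmt = $db->prepare('SELECT * FROM mytable WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$db = open_demo_db();
// Constructed stand-ins for $_POST['id'].
foreach (['2', '12abc', '', '-1', ['2']] as $input) {
    $row = find_row($db, $input);
    printf("%-10s => %s\n", json_encode($input), $row ? json_encode($row) : 'rejected or not found');
}
```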
