Hacker News
by SecurityNoob 1254 days ago
It’s too late for me. Basically I had this coded a month ago and as soon as it worked, I 5-starred and I was far too quick to say thank you (and tip him).

From this guy’s response, I’m thinking that I need someone to evaluate all of the code - I don’t have faith in and don’t understand it all.

Maybe Fiverr isn’t the best place for WooCommerce work after all!

1 comment

Now's a great time to learn how to read basic PHP and how to modify code to sanitize input. It's low-hanging knowledge that won't take much time. You're not going to prevent the OWASP top30, but you can stop SQLi and XSS and maybe get more into webappsec.

Input going into DB: https://wordpress.stackexchange.com/questions/114344/how-to-...

Input being displayed from DB: https://developer.wordpress.org/reference/functions/sanitize...

But also, steal his cookie. Allow the student to become the teacher and see if he takes it as a humble learning experience.
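The two habits the comment above links to, cleaning input on its way into the database and escaping it on its way back out, shown as an added example that is not part of the thread or of the code the poster bought. It assumes the file is loaded as part of a WordPress plugin; the table, form field, nonce and function names are hypothetical.

```php
<?php
// Added example. Assumes WordPress is loaded (plugin context).
// Table, field, nonce and function names below are hypothetical.

function example_save_gift_note() {
    global $wpdb;

    // Only accept submissions that carry the nonce our own form issued.
    $nonce = isset( $_POST['example_nonce'] )
        ? sanitize_text_field( wp_unslash( $_POST['example_nonce'] ) ) : '';
    if ( ! wp_verify_nonce( $nonce, 'example_save_note' ) ) {
        wp_die( 'Invalid request', '', array( 'response' => 403 ) );
    }

    // Input going into the DB: coerce to the expected type and strip markup.
    $order_id = isset( $_POST['order_id'] ) ? absint( $_POST['order_id'] ) : 0;
    $note     = isset( $_POST['note'] )
        ? sanitize_text_field( wp_unslash( $_POST['note'] ) ) : '';

    // Pattern to look for when reviewing purchased code (injectable):
    //   $wpdb->query( "INSERT ... VALUES ({$_POST['order_id']}, '{$_POST['note']}')" );
    // $wpdb->insert() binds the values using the format list instead.
    $wpdb->insert(
        $wpdb->prefix . 'example_gift_notes',
        array( 'order_id' => $order_id, 'note' => $note ),
        array( '%d', '%s' )
    );
}
add_action( 'admin_post_example_save_note', 'example_save_gift_note' );

function example_get_gift_notes( $order_id ) {
    global $wpdb;
    $table = $wpdb->prefix . 'example_gift_notes';

    // Hand-written SQL goes through prepare() with a placeholder per value.
    return $wpdb->get_results(
        $wpdb->prepare( "SELECT note FROM {$table} WHERE order_id = %d", absint( $order_id ) )
    );
}

function example_render_gift_notes( $order_id ) {
    echo '<ul class="gift-notes">';
    foreach ( example_get_gift_notes( $order_id ) as $row ) {
        // Input being displayed from the DB: escape at output even though it
        // was sanitized on the way in; older rows may predate that check.
        echo '<li>' . esc_html( $row->note ) . '</li>';
    }
    echo '</ul>';
}
```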