In your list, numbers 1 and 3 are something your hosting company's server administrator must resolve. They have nothing to do with Zen Cart.
For number 2, while minor, you could get their scanner to stop complaining about it by upgrading to the latest version of Zen Cart (which is the SMARTEST solution you should choose) which has specifically addressed that issue as follows:
/includes/modules/pages/discount_coupon/header_php.php
at line 18, insert the highlighted line, as shown:
Code:
$coupon = $db->Execute("select * from " . TABLE_COUPONS . " where coupon_code = '" . zen_db_input($_POST['lookup_discount_coupon']) . "' and coupon_type != 'G'");
$_POST['lookup_discount_coupon'] = zen_sanitize_string($_POST['lookup_discount_coupon']);
if ($coupon->RecordCount() < 1) {
Bookmarks