diff --git a/src/classes/api/endpoints/class-tainacan-rest-items-controller.php b/src/classes/api/endpoints/class-tainacan-rest-items-controller.php
index 2220cb62d..d7232d2f9 100644
--- a/src/classes/api/endpoints/class-tainacan-rest-items-controller.php
+++ b/src/classes/api/endpoints/class-tainacan-rest-items-controller.php
@@ -1383,7 +1383,12 @@ class REST_Items_Controller extends REST_Controller {
 				], 400);
 			}
 			$secret_key = get_option("tnc_option_recaptch_secret_key");
-			$response = json_decode(file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=$secret_key&response=".$captcha_data."&remoteip=".$_SERVER['REMOTE_ADDR']));
+			$api_url = "https://www.google.com/recaptcha/api/siteverify?secret=$secret_key&response=".$captcha_data."&remoteip=".$_SERVER['REMOTE_ADDR'];
+
+			$response = wp_remote_get( $api_url );
+			$body = wp_remote_retrieve_body( $response );
+			$response = json_decode($body);
+
 			if ($response->success) {
 				return true;
 			} else {
diff --git a/src/classes/class-tainacan-media.php b/src/classes/class-tainacan-media.php
index 87412b9e7..0b008e627 100644
--- a/src/classes/class-tainacan-media.php
+++ b/src/classes/class-tainacan-media.php
@@ -103,54 +103,11 @@ class Media {
 		 * @return string the file path
 		 */
 		public function save_remote_file($url) {
-				set_time_limit(0);
-
-				$filename = tempnam(sys_get_temp_dir(), basename($url));
-
-				# Open the file for writing...
-				self::$file_handle = fopen($filename, 'w+');
-				self::$file_name = $filename;
-
-				$callback = function ($ch, $str)  {
-						$len = fwrite(self::$file_handle, $str);
-						return $len;
-				};
-
-				$ch = curl_init();
-				curl_setopt($ch, CURLOPT_URL, $url);
-				curl_setopt($ch, CURLOPT_FILE, self::$file_handle);
-				curl_setopt($ch, CURLOPT_HEADER, 0);
-				curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
-				curl_setopt($ch, CURLOPT_BINARYTRANSFER, true);
-				curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); # optional
-				curl_setopt($ch, CURLOPT_TIMEOUT, -1); # optional: -1 = unlimited, 3600 = 1 hour
-				curl_setopt($ch, CURLOPT_VERBOSE, false); # Set to true to see all the innards
-
-				# Only if you need to bypass SSL certificate validation
-				curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
-				curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
-
-				# Assign a callback function to the CURL Write-Function
-				curl_setopt($ch, CURLOPT_WRITEFUNCTION, $callback);
-
-				# Execute the download - note we DO NOT put the result into a variable!
-				curl_exec($ch);
-				if (curl_errno($ch)) {
-					$error_msg = curl_error($ch);
-					# Close CURL
-					curl_close($ch);
-					# Close the file pointer
-					fclose(self::$file_handle);
-					throw new \Exception( "[save_remote_file]:" . $error_msg);
-				}
-
-				# Close CURL
-				curl_close($ch);
-
-				# Close the file pointer
-				fclose(self::$file_handle);
-
-				return $filename;
+			$filename = download_url($url, 900);
+			if( is_wp_error($filename) ) {
+				throw new \Exception( "[save_remote_file]:" . implode("\n", $filename->get_error_messages()));
+			}
+			return $filename;
 		}
 
 
diff --git a/src/classes/class-tainacan-private-files.php b/src/classes/class-tainacan-private-files.php
index 9e489b2b6..160525220 100644
--- a/src/classes/class-tainacan-private-files.php
+++ b/src/classes/class-tainacan-private-files.php
@@ -117,12 +117,12 @@ class Private_Files {
 
 		// regular ajax uploads via Admin Panel will send post_id
 		if ( isset($_REQUEST['post_id']) && $_REQUEST['post_id'] ) {
-			$post_id = $_REQUEST['post_id'];
+			$post_id = sanitize_text_field($_REQUEST['post_id']);
 		}
 
 		// API requests to media endpoint will send post
 		if ( false === $post_id && isset($_REQUEST['post']) && is_numeric($_REQUEST['post']) ) {
-			$post_id = $_REQUEST['post'];
+			$post_id = sanitize_text_field($_REQUEST['post']);
 		}
 
 		// tainacan internals, scripts and tests, will set this global
@@ -191,7 +191,7 @@ class Private_Files {
 			$upload_dir = wp_get_upload_dir();
 			$base_upload_url = preg_replace('/^https?:\/\//', '', $upload_dir['baseurl']);
 
-			$requested_uri = $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
+			$requested_uri = sanitize_text_field($_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI']);
 
 			if ( strpos($requested_uri, $base_upload_url) === false ) {
 				// Not uploads
diff --git a/src/classes/entities/class-tainacan-item.php b/src/classes/entities/class-tainacan-item.php
index 4a035b84e..48ff44919 100644
--- a/src/classes/entities/class-tainacan-item.php
+++ b/src/classes/entities/class-tainacan-item.php
@@ -564,7 +564,6 @@ class Item extends Entity {
 	 */
 	public function get_metadata_as_html($args = array()) {
 
-		$Tainacan_Item_Metadata = \Tainacan\Repositories\Item_Metadata::get_instance();
 		$Tainacan_Metadata = \Tainacan\Repositories\Metadata::get_instance();
 
 		$return = '';
@@ -633,7 +632,7 @@ class Item extends Entity {
 
 			}
 
-			return $return;
+			return wp_kses_tainacan($return);
 
 		}
 
@@ -702,7 +701,7 @@ class Item extends Entity {
 			}
 		}
 
-		return $return;
+		return wp_kses_tainacan($return);
 
 	}
 
@@ -772,8 +771,7 @@ class Item extends Entity {
 
 		}
 
-		return apply_filters("tainacan-item-get-document-as-html", $output, $img_size, $this);
-
+		return apply_filters("tainacan-item-get-document-as-html", wp_kses_tainacan($output), $img_size, $this);
 	}
 
 	/**
@@ -806,8 +804,7 @@ class Item extends Entity {
 				$output .= $embed;
 			}
 		}
-	
-		return $output;
+		return wp_kses_tainacan($output);
 
 	}
 
@@ -841,7 +838,7 @@ class Item extends Entity {
 			}
 		}
 
-		return $link;
+		return esc_url($link);
 	}
 
 	/**
diff --git a/src/classes/exporter/class-tainacan-csv.php b/src/classes/exporter/class-tainacan-csv.php
index a9bab17cf..ca174e622 100644
--- a/src/classes/exporter/class-tainacan-csv.php
+++ b/src/classes/exporter/class-tainacan-csv.php
@@ -312,7 +312,7 @@ class CSV extends Exporter {
 					</div>
 			</span>
 			<div class="control is-clearfix">
-				<input class="input" type="text" name="delimiter" maxlength="1" value="<?php echo $this->get_option('delimiter'); ?>">
+				<input class="input" type="text" name="delimiter" maxlength="1" value="<?php echo esc_attr($this->get_option('delimiter')); ?>">
 			</div>
 		</div>
 
@@ -334,7 +334,7 @@ class CSV extends Exporter {
 					</div>
 			</span>
 			<div class="control is-clearfix">
-				<input class="input" type="text" name="multivalued_delimiter" value="<?php echo $this->get_option('multivalued_delimiter'); ?>">
+				<input class="input" type="text" name="multivalued_delimiter" value="<?php echo esc_attr($this->get_option('multivalued_delimiter')); ?>">
 			</div>
 		</div>
 
diff --git a/src/classes/exporter/class-tainacan-term-exporter.php b/src/classes/exporter/class-tainacan-term-exporter.php
index 7fe612680..552382c8f 100644
--- a/src/classes/exporter/class-tainacan-term-exporter.php
+++ b/src/classes/exporter/class-tainacan-term-exporter.php
@@ -98,7 +98,7 @@ class Term_Exporter extends Exporter {
 					</div>
 				</span>
             <div class="control is-clearfix">
-                <input class="input" type="text" name="delimiter" value="<?php echo $this->get_option('delimiter'); ?>">
+                <input class="input" type="text" name="delimiter" value="<?php echo esc_attr($this->get_option('delimiter')); ?>">
             </div>
         </div>
 
@@ -127,7 +127,7 @@ class Term_Exporter extends Exporter {
                         $taxonomies  = $Tainacan_Taxonomies->fetch( ['nopaging' => true], 'OBJECT' );
                         foreach( $taxonomies as $taxonomie) {
                             ?>
-                            <option value="<?php echo $taxonomie->get_db_identifier();?>"><?php echo $taxonomie->get_name() ?> </option>
+                            <option value="<?php echo esc_attr($taxonomie->get_db_identifier());?>"><?php echo esc_attr($taxonomie->get_name()); ?> </option>
                             <?php
                         }
                         ?>
diff --git a/src/classes/exposers/class-tainacan-exposers-handler.php b/src/classes/exposers/class-tainacan-exposers-handler.php
index 28bdee911..249412484 100644
--- a/src/classes/exposers/class-tainacan-exposers-handler.php
+++ b/src/classes/exposers/class-tainacan-exposers-handler.php
@@ -148,7 +148,7 @@ class Exposers_Handler {
 					$type_responde = $exposer->rest_request_after_callbacks($response, $handler, $request);
 					if(self::request_has_url_param($request)) {
 						header(implode('', $response->get_headers()));
-						echo stripcslashes($response->get_data());
+						echo esc_attr(stripcslashes($response->get_data()));
 						exit();
 					}
 					return $type_responde;
diff --git a/src/classes/importer/class-tainacan-csv.php b/src/classes/importer/class-tainacan-csv.php
index 9322d8f79..fea113b08 100644
--- a/src/classes/importer/class-tainacan-csv.php
+++ b/src/classes/importer/class-tainacan-csv.php
@@ -334,7 +334,7 @@ class CSV extends Importer {
 							</div>
 					</span>
 					<div class="control is-clearfix">
-						<input class="input" type="text" name="multivalued_delimiter" value="<?php echo $this->get_option('multivalued_delimiter'); ?>">
+						<input class="input" type="text" name="multivalued_delimiter" value="<?php echo esc_attr($this->get_option('multivalued_delimiter')); ?>">
 					</div>
 				</div>
 			</div>
@@ -357,7 +357,7 @@ class CSV extends Importer {
 							</div>
 					</span>
 					<div class="control is-clearfix">
-						<input class="input" type="text" name="enclosure" value="<?php echo $this->get_option('enclosure'); ?>">
+						<input class="input" type="text" name="enclosure" value="<?php echo esc_attr($this->get_option('enclosure')); ?>">
 					</div>
 				</div>
 			</div>
@@ -410,7 +410,7 @@ class CSV extends Importer {
 						</div>
 					</span>
 					<div class="control is-clearfix">
-						<input class="input" type="text" name="escape_empty_value" value="<?php echo $this->get_option('escape_empty_value'); ?>">
+						<input class="input" type="text" name="escape_empty_value" value="<?php echo esc_attr($this->get_option('escape_empty_value')); ?>">
 					</div>
 				</div>
 			</div>
@@ -467,7 +467,7 @@ class CSV extends Importer {
 						</div>
 					</span>
 					<div class="control is-clearfix">
-						<input class="input" type="text" name="server_path" value="<?php echo $this->get_option('server_path'); ?>">
+						<input class="input" type="text" name="server_path" value="<?php echo esc_attr($this->get_option('server_path')); ?>">
 					</div>
 					<p class="help">
 						<strong><?php _e('Importing attachments', 'tainacan'); ?>: </strong><?php echo nl2br(__('Check the documentation to learn how to set up your .csv file correctly for importing files <a href="https://tainacan.github.io/tainacan-wiki/#/importers?id=importador-csv-items">on this link.</a>', 'tainacan')); ?>
diff --git a/src/classes/importer/class-tainacan-flickr-importer.php b/src/classes/importer/class-tainacan-flickr-importer.php
index 9865c2891..920c212ff 100644
--- a/src/classes/importer/class-tainacan-flickr-importer.php
+++ b/src/classes/importer/class-tainacan-flickr-importer.php
@@ -188,7 +188,9 @@ class Flickr_Importer extends Importer {
 
                 $this->add_log('url ' . $api_url);
 
-                $json = json_decode(file_get_contents($api_url));
+                $response = wp_remote_get( $api_url );
+                $body = wp_remote_retrieve_body( $response );
+                $json = json_decode($body);
                 if( $json && isset($json->photoset) ){
                     return $json;
                 }
@@ -203,7 +205,10 @@ class Flickr_Importer extends Importer {
 
                 $this->add_log('url ' . $api_url);
 
-                $json = json_decode(file_get_contents($api_url));
+                $response = wp_remote_get( $api_url );
+                $body = wp_remote_retrieve_body( $response );
+                $json = json_decode($body);
+
                 if( $json && isset($json->photos) ){
                     return $json;
 
@@ -218,7 +223,9 @@ class Flickr_Importer extends Importer {
 
                 $this->add_log('url ' . $api_url);
 
-                $json = json_decode(file_get_contents($api_url));
+                $response = wp_remote_get( $api_url );
+                $body = wp_remote_retrieve_body( $response );
+                $json = json_decode($body);
                 if( $json && isset($json->photo) ){
                     return $json;
 
@@ -428,8 +435,9 @@ class Flickr_Importer extends Importer {
             . $id . $this->format;
 
         $this->add_log('url ' . $api_url);
-
-        $json = json_decode(file_get_contents($api_url));
+        $response = wp_remote_get( $api_url );
+        $body = wp_remote_retrieve_body( $response );
+        $json = json_decode($body);
         if( $json && isset($json->photo) ){
             return $json;
 
diff --git a/src/classes/importer/class-tainacan-test-importer.php b/src/classes/importer/class-tainacan-test-importer.php
index 8494244c1..0e4d6b948 100644
--- a/src/classes/importer/class-tainacan-test-importer.php
+++ b/src/classes/importer/class-tainacan-test-importer.php
@@ -125,7 +125,7 @@ class Test_Importer extends Importer {
 							</div> 
 					</span>
 					<div class="control is-clearfix">
-						<input class="input" type="number" name="items_col_1" value="<?php echo $this->get_option('items_col_1'); ?>">
+						<input class="input" type="number" name="items_col_1" value="<?php echo esc_attr($this->get_option('items_col_1')); ?>">
 					</div>
 				</div>
 			</div>
@@ -149,7 +149,7 @@ class Test_Importer extends Importer {
 							</div> 
 					</span>
 					<div class="control is-clearfix">
-						<input class="input" type="number" name="additonal_metadata" value="<?php echo $this->get_option('additonal_metadata'); ?>">
+						<input class="input" type="number" name="additonal_metadata" value="<?php echo esc_attr($this->get_option('additonal_metadata')); ?>">
 					</div>
 				</div>
 			</div>
@@ -204,7 +204,7 @@ class Test_Importer extends Importer {
 							</div> 
 					</span>
 					<div class="control is-clearfix">
-						<input class="input" type="number" name="items_col_2" value="<?php echo $this->get_option('items_col_2'); ?>">
+						<input class="input" type="number" name="items_col_2" value="<?php echo esc_attr($this->get_option('items_col_2')); ?>">
 					</div>
 				</div>
 			</div>
@@ -266,7 +266,7 @@ class Test_Importer extends Importer {
 							</div> 
 					</span>
 					<div class="control is-clearfix">
-						<input class="input" type="text" name="keyword_images" value="<?php echo $this->get_option('keyword_images'); ?>">
+						<input class="input" type="text" name="keyword_images" value="<?php echo esc_attr($this->get_option('keyword_images')); ?>">
 					</div>
 				</div>
 			</div>
@@ -290,7 +290,7 @@ class Test_Importer extends Importer {
 							</div> 
 					</span>
 					<div class="control is-clearfix">
-						<input class="input" type="number" name="horizontal_image_size" value="<?php echo $this->get_option('horizontal_image_size'); ?>">
+						<input class="input" type="number" name="horizontal_image_size" value="<?php echo esc_attr($this->get_option('horizontal_image_size')); ?>">
 					</div>
 				</div>
 
@@ -312,7 +312,7 @@ class Test_Importer extends Importer {
 							</div> 
 					</span>
 					<div class="control is-clearfix">
-						<input class="input" type="number" name="vertical_image_size" value="<?php echo $this->get_option('vertical_image_size'); ?>">
+						<input class="input" type="number" name="vertical_image_size" value="<?php echo esc_attr($this->get_option('vertical_image_size')); ?>">
 					</div>
 				</div>
 			</div>
@@ -649,8 +649,10 @@ class Test_Importer extends Importer {
 			$keyword = ( $this->get_option('keyword_images') ) ? $this->get_option('keyword_images') : '';
 
 			$url = "https://loremflickr.com/$horizontal_size/$vertical_size/$keyword";
+			$response = wp_remote_get( $url );
+			$content = wp_remote_retrieve_body( $response );
 			
-			$id = $TainacanMedia->insert_attachment_from_blob(file_get_contents($url), time() . '.jpg', $inserted_item->get_id());
+			$id = $TainacanMedia->insert_attachment_from_blob($content, time() . '.jpg', $inserted_item->get_id());
 
 			if(!$id){
 				$this->add_error_log('Error in imported URL ' . $url);
diff --git a/src/classes/importer/class-tainacan-youtube-importer.php b/src/classes/importer/class-tainacan-youtube-importer.php
index f058f5d49..7ce7751b7 100644
--- a/src/classes/importer/class-tainacan-youtube-importer.php
+++ b/src/classes/importer/class-tainacan-youtube-importer.php
@@ -231,7 +231,9 @@ class Youtube_Importer extends Importer {
                 $api_url = 'https://www.googleapis.com/youtube/v3/channels?part=statistics,snippet,contentDetails&id='
                     . $id . '&key=' . $api_key;
 
-                $json = json_decode(file_get_contents($api_url));
+                $response = wp_remote_get( $api_url );
+                $body = wp_remote_retrieve_body( $response );
+                $json = json_decode($body);
                 if( $json && isset($json->items) ){
                     $item = $json->items[0];
 
@@ -239,7 +241,9 @@ class Youtube_Importer extends Importer {
                         . $pageToken . '&maxResults=1&playlistId='
                         . $item->contentDetails->relatedPlaylists->uploads . '&key=' . $api_key;
 
-                    $json = json_decode(file_get_contents($api_url));
+                    $response = wp_remote_get( $api_url );
+                    $body = wp_remote_retrieve_body( $response );
+                    $json = json_decode($body);
 
                     if( $json && isset($json->items) ){
                         return $json;
@@ -251,8 +255,10 @@ class Youtube_Importer extends Importer {
             case 'user':
                 $api_url = 'https://www.googleapis.com/youtube/v3/channels?part=statistics,snippet,contentDetails&forUsername='
                     . $id . '&key=' . $api_key;
-
-                $json = json_decode(file_get_contents($api_url));
+                
+                $response = wp_remote_get( $api_url );
+                $body = wp_remote_retrieve_body( $response );
+                $json = json_decode($body);
                 if( $json && isset($json->items) ){
                     $item = $json->items[0];
 
@@ -260,7 +266,9 @@ class Youtube_Importer extends Importer {
                         . $pageToken . '&maxResults=1&playlistId='
                         . $item->contentDetails->relatedPlaylists->uploads . '&key=' . $api_key;
 
-                    $json = json_decode(file_get_contents($api_url));
+                    $response = wp_remote_get( $api_url );
+                    $body = wp_remote_retrieve_body( $response );
+                    $json = json_decode($body);
 
                     if( $json && isset($json->items) ){
                         return $json;
@@ -274,7 +282,9 @@ class Youtube_Importer extends Importer {
                     . $pageToken . '&maxResults=1&playlistId='
                     . $id . '&key=' . $api_key;
 
-                $json = json_decode(file_get_contents($api_url));
+                    $response = wp_remote_get( $api_url );
+                    $body = wp_remote_retrieve_body( $response );
+                    $json = json_decode($body);
                 if( $json && isset($json->items) ){
                     return $json;
 
@@ -285,7 +295,9 @@ class Youtube_Importer extends Importer {
                 $api_url = 'https://www.googleapis.com/youtube/v3/videos?part=snippet%2CcontentDetails&maxResults=1&id='
                     . $id . '&key=' . $api_key;
 
-                $json = json_decode(file_get_contents($api_url));
+                    $response = wp_remote_get( $api_url );
+                    $body = wp_remote_retrieve_body( $response );
+                    $json = json_decode($body);
                 if( $json && isset($json->items) ){
                     return $json;
 
@@ -399,7 +411,7 @@ class Youtube_Importer extends Importer {
                     </p>
                     
                     <div class="control is-clearfix">
-                        <input class="input" type="text" name="api_id" value="<?php echo $this->get_option('api_id'); ?>">
+                        <input class="input" type="text" name="api_id" value="<?php echo esc_attr($this->get_option('api_id')); ?>">
                     </div>
                 </div>
             </div>
diff --git a/src/classes/importer/import.php b/src/classes/importer/import.php
index d14e23c0d..0be1f3c3b 100644
--- a/src/classes/importer/import.php
+++ b/src/classes/importer/import.php
@@ -64,7 +64,7 @@ class ScriptTainacanOld {
         
         define( 'WP_USE_THEMES', false );
         define( 'SHORTINIT', false );
-        require( dirname(__FILE__) . '/../../../../wp-blog-header.php' );
+        // require( dirname(__FILE__) . '/../../../../wp-blog-header.php' );
 
         $old_tainacan = new \Tainacan\Importer\Old_Tainacan();
         $id = $old_tainacan->get_id();
diff --git a/src/classes/importer/term-importer/class-tainacan-term-importer.php b/src/classes/importer/term-importer/class-tainacan-term-importer.php
index 2309200b5..6e5481bb9 100644
--- a/src/classes/importer/term-importer/class-tainacan-term-importer.php
+++ b/src/classes/importer/term-importer/class-tainacan-term-importer.php
@@ -60,7 +60,7 @@ class Term_Importer extends Importer {
 							</div>
 						</span>
 						<div class="control is-clearfix">
-							<input class="input" type="text" name="delimiter" value="<?php echo $this->get_option('delimiter'); ?>">
+							<input class="input" type="text" name="delimiter" value="<?php echo esc_attr($this->get_option('delimiter')); ?>">
 						</div>
 					</div>
 				</div>
@@ -93,7 +93,7 @@ class Term_Importer extends Importer {
 									$taxonomies  = $Tainacan_Taxonomies->fetch( ['nopaging' => true], 'OBJECT' );
 									foreach( $taxonomies as $taxonomie) {
 										?>
-										<option value="<?php echo $taxonomie->get_db_identifier();?>"><?php echo $taxonomie->get_name() ?> </option>
+										<option value="<?php echo esc_attr($taxonomie->get_db_identifier());?>"><?php echo esc_attr($taxonomie->get_name()) ?> </option>
 										<?php
 									}
 								?>
@@ -101,7 +101,7 @@ class Term_Importer extends Importer {
 
 							</div>
 
-							<input class="input new_taxonomy" type="text" name="new_taxonomy" value="<?php echo $this->get_option('new_taxonomy'); ?>" placeholder="<?php _e('New taxonomy name', 'tainacan'); ?>" >
+							<input class="input new_taxonomy" type="text" name="new_taxonomy" value="<?php echo esc_attr($this->get_option('new_taxonomy')); ?>" placeholder="<?php _e('New taxonomy name', 'tainacan'); ?>" >
 
 						</div>
 					</div>
diff --git a/src/classes/libs/wp-async-request.php b/src/classes/libs/wp-async-request.php
index 42f6d9ac0..cafb1eb68 100644
--- a/src/classes/libs/wp-async-request.php
+++ b/src/classes/libs/wp-async-request.php
@@ -130,7 +130,6 @@
 				'timeout'   => 0.01,
 				'blocking'  => false,
 				'body'      => $this->data,
-				'cookies'   => $_COOKIE,
 				'sslverify' => apply_filters( 'https_local_ssl_verify', false ),
 			);
 		}
diff --git a/src/classes/theme-helper/class-tainacan-theme-helper.php b/src/classes/theme-helper/class-tainacan-theme-helper.php
index 2867d94c6..fe52aa9ea 100644
--- a/src/classes/theme-helper/class-tainacan-theme-helper.php
+++ b/src/classes/theme-helper/class-tainacan-theme-helper.php
@@ -362,8 +362,6 @@ class Theme_Helper {
 	}
 
 	public function item_submission_shortcode($args) {
-		global $TAINACAN_BASE_URL;
-
 		$props = ' ';
 
 		// Passes arguments to custom props
@@ -377,7 +375,36 @@ class Theme_Helper {
 
 		wp_enqueue_media();
 
-		return "<div data-module='item-submission-form' id='tainacan-item-submission-form' $props ></div>";
+		$allowed_html = [
+			'div' => [
+				'id' => true,
+				'data-module' => true,
+				'collection-id' => true,
+				'hide-file-modal-button' => true,
+				'hide-text-modal-button' => true,
+				'hide-link-modal-button' => true,
+				'hide-thumbnail-section' => true,
+				'hide-attachments-section' => true,
+				'show-allow-comments-section' => true,
+				'hide-collapses' => true,
+				'hide-help-buttons' => true,
+				'hide-metadata-types' => true,
+				'help-info-bellow-label' => true,
+				'document-section-label' => true,
+				'thumbnail-section-label' => true,
+				'attachments-section-label' => true,
+				'metadata-section-label' => true,
+				'sent-form-heading' => true,
+				'sent-form-message' => true,
+				'item-link-button-label' => true,
+				'show-item-link-button' => true,
+				'show-terms-agreement-checkbox' => true,
+				'terms-agreement-message' => true,
+				'enabled-metadata' => true,
+			]
+		];
+
+		return wp_kses("<div data-module='item-submission-form' id='tainacan-item-submission-form' $props ></div>", $allowed_html);
 	}
 
 	/**
@@ -489,7 +516,40 @@ class Theme_Helper {
 			}
 		}
 
-		return "<div data-module='faceted-search' id='tainacan-items-page' $props ></div>";
+		$allowed_html = [
+			'div' => [
+				'id' => true,
+				'data-module' => true,
+				'collection-id' => true,
+				'term-id' => true,
+				'taxonomy' => true,
+				'default-view-mode' => true,
+				'is-forced-view-mode' => true,
+				'enabled-view-modes' => true,
+				'default-order' => true,
+				'default-orderby' => true,
+				'hide-filters' => true,
+				'hide-hide-filters-button' => true,
+				'hide-search' => true,
+				'hide-advanced-search' => true,
+				'hide-displayed-metadata-button' => true,
+				'hide-sorting-area' => true,
+				'hide-items-thumbnail' => true,
+				'hide-sort-by-button' => true,
+				'hide-exposers-button' => true,
+				'hide-items-per-page-button' => true,
+				'hide-go-to-page-button' => true,
+				'hide-pagination-area' => true,
+				'default-items-per-page' => true,
+				'show-filters-button-inside-search-control' => true,
+				'start-with-filters-hidden' => true,
+				'filters-as-modal' => true,
+				'show-inline-view-mode-options' => true,
+				'show-fullscreen-with-view-modes' => true
+			]
+		];
+
+		return wp_kses("<div data-module='faceted-search' id='tainacan-items-page' $props ></div>", $allowed_html);
 	}
 	
 	function get_items_list_slug() {
@@ -680,7 +740,7 @@ class Theme_Helper {
 
 			$logo = get_template_directory_uri() . '/assets/images/social-logo.png';
 			$excerpt = get_bloginfo( 'description' );
-			$url_src = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? "https" : "http") . "://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]";
+			$url_src = esc_url((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? "https" : "http") . "://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]");
 			global $wp;
 				
 			if ( is_post_type_archive() ) {
@@ -749,13 +809,13 @@ class Theme_Helper {
 
 			?>
 			<meta property="og:type" content="article"/>
-			<meta property="og:title" content="<?php echo $title; ?>"/>
-			<meta property="og:site_name" content="<?php echo get_bloginfo(); ?>"/>
-			<meta property="og:description" content="<?php echo $excerpt; ?>"/>
-			<meta property="og:url" content="<?php echo $url_src; ?>"/>
-			<meta property="og:image" content="<?php echo $image['url']; ?>"/>
-			<meta property="og:image:width" content="<?php echo $image['width']; ?>"/>
-			<meta property="og:image:height" content="<?php echo $image['height']; ?>"/>
+			<meta property="og:title" content="<?php echo esc_attr($title); ?>"/>
+			<meta property="og:site_name" content="<?php echo esc_attr(get_bloginfo()); ?>"/>
+			<meta property="og:description" content="<?php echo esc_html($excerpt); ?>"/>
+			<meta property="og:url" content="<?php echo esc_url($url_src); ?>"/>
+			<meta property="og:image" content="<?php echo esc_url($image['url']); ?>"/>
+			<meta property="og:image:width" content="<?php echo esc_attr($image['width']); ?>"/>
+			<meta property="og:image:height" content="<?php echo esc_attr($image['height']); ?>"/>
 
 
 		<?php } else { return; } // End if().
@@ -895,14 +955,22 @@ class Theme_Helper {
 		unset($args['class_name']);
 		
 		// Builds parameters to the html div rendered by Vue
+		$allowed_html = [
+			'div' => [
+				'data-module' => true,
+				'id' => true
+			]
+		];
 		foreach ($args as $key => $value) {
 			if (is_bool($value))
 				$value = $value ? 'true' : 'false';
 			// Changes from PHP '_' notation to HTML '-' notation
-			$props .= (str_replace('_', '-', $key) . "='" . $value . "' ");
+			$key_attr = str_replace('_', '-', $key);
+			$props .= "$key_attr='$value' ";
+			$allowed_html['div'][$key_attr] = true;
 		}
 		
-		return "<div data-module='carousel-items-list' id='tainacan-items-carousel-shortcode_" . uniqid() . "' $props ></div>";
+		return wp_kses( "<div data-module='carousel-items-list' id='tainacan-items-carousel-shortcode_" . uniqid() . "' $props ></div>", $allowed_html);
 	} 
 
 	/**
@@ -970,15 +1038,24 @@ class Theme_Helper {
 		$args['class'] = $args['class_name'] . ' wp-block-tainacan-dynamic-items-list';
 		unset($args['class_name']);
 		
+		// Builds parameters to the html div rendered by Vue
+		$allowed_html = [
+			'div' => [
+				'data-module' => true,
+				"id" => true
+			]
+		];
 		// Builds parameters to the html div rendered by Vue
 		foreach ($args as $key => $value) {
 			if (is_bool($value))
 				$value = $value ? 'true' : 'false';
 			// Changes from PHP '_' notation to HTML '-' notation
-			$props .= (str_replace('_', '-', $key) . "='" . $value . "' ");
+			$key_attr = str_replace('_', '-', $key);
+			$props .=  "$key_attr='$value' ";
+			$allowed_html['div'][$key_attr] = true;
 		}
 		
-		return "<div data-module='dynamic-items-list' id='tainacan-dynamic-items-list-shortcode_" . uniqid(). "' $props ></div>";
+		return wp_kses("<div data-module='dynamic-items-list' id='tainacan-dynamic-items-list-shortcode_" . uniqid(). "' $props ></div>", $allowed_html);
 	} 
 
 	/**
@@ -1000,9 +1077,6 @@ class Theme_Helper {
 		 * @return string  The HTML div to be used for rendering the related items vue component
 	 */
 	public function get_tainacan_related_items_list($args = []) {
-		global $TAINACAN_BASE_URL;
-		global $TAINACAN_VERSION;
-		
 		$defaults = array(
 			'class_name' => '',
 			'collection_heading_class_name' => '',
@@ -1025,22 +1099,21 @@ class Theme_Helper {
 			return;
 
 		// Always pass the default class. We force passing the wp-block-tainacan-carousel-related-items because themes might have used it to style before the other layouts exist;
-		$output = '<div data-module="related-items-list" class="' . $args['class_name'] . ' wp-block-tainacan-carousel-related-items wp-block-tainacan-related-items' . '">';
+		$output = '<div data-module="related-items-list" class="' .  esc_attr($args['class_name']) . ' wp-block-tainacan-carousel-related-items wp-block-tainacan-related-items' . '">';
 		
 		foreach($related_items as $collection_id => $related_group) {
 			
 			if ( isset($related_group['items']) && isset($related_group['total_items']) && $related_group['total_items'] ) {
-
 				// Adds a heading with the collection name
 				$collection_heading = '';
 				if ( isset($related_group['collection_name']) ) {
-					$collection_heading = '<' . $args['collection_heading_tag'] . ' class="' . $args['collection_heading_class_name'] . '">' . $related_group['collection_name'] . '</' . $args['collection_heading_tag'] . '>';
+					$collection_heading = wp_kses_post('<' . $args['collection_heading_tag'] . ' class="' . $args['collection_heading_class_name'] . '">' . $related_group['collection_name'] . '</' . $args['collection_heading_tag'] . '>');
 				}
 				
 				// Adds a paragraph with the metadata name
 				$metadata_label = '';
 				if ( isset($related_group['metadata_name']) ) {
-					$metadata_label = '<' . $args['metadata_label_tag'] . ' class="' . $args['metadata_label_class_name'] . '">' . $related_group['metadata_name'] . '</' . $args['metadata_label_tag'] . '>';
+					$metadata_label = wp_kses_post('<' . $args['metadata_label_tag'] . ' class="' . $args['metadata_label_class_name'] . '">' . $related_group['metadata_name'] . '</' . $args['metadata_label_tag'] . '>');
 				}
 				
 				// Sets the carousel, from the items carousel template tag.
@@ -1069,6 +1142,10 @@ class Theme_Helper {
 				
 				$output .= '<div class="wp-block-group">
 					<div class="wp-block-group__inner-container">' .
+						/**
+						 * Note to code reviewers: This lines doesn't need to be escaped.
+						 * Functions get_tainacan_items_carousel() and get_tainacan_dynamic_items_list used here escape the return value.
+						 */
 						$collection_heading .
 						$metadata_label .
 						$items_list_div .
@@ -1076,7 +1153,7 @@ class Theme_Helper {
 							$related_group['total_items'] > 1 ?
 								'<div class="wp-block-buttons">
 									<div class="wp-block-button">
-										<a class="wp-block-button__link" href="/' . $related_group['collection_slug'] . '?metaquery[0][key]=' . $related_group['metadata_id'] . '&metaquery[0][value][0]=' . $item->get_ID() . '&metaquery[0][compare]=IN">
+										<a class="wp-block-button__link" href="/' . esc_url($related_group['collection_slug']) . '?metaquery[0][key]=' . esc_attr($related_group['metadata_id']) . '&metaquery[0][value][0]=' . esc_attr($item->get_ID()) . '&metaquery[0][compare]=IN">
 											' . sprintf( __('View all %s related items', 'tainacan'), $related_group['total_items'] ) . '
 										</a>
 									</div>
diff --git a/src/classes/theme-helper/template-tags.php b/src/classes/theme-helper/template-tags.php
index 1308d9995..dbf250acd 100644
--- a/src/classes/theme-helper/template-tags.php
+++ b/src/classes/theme-helper/template-tags.php
@@ -3,6 +3,7 @@
 use \Tainacan\Entities;
 use \Tainacan\Repositories;
 
+
 /**
  * To be used inside The Loop
  *
@@ -126,7 +127,7 @@ function tainacan_the_item_document_download_link($item_id = 0) {
 	if (!$link || $item->get_document_type() == 'text' || $item->get_document_type() == 'url')
 		return;
 
-	return '<a name="' . __('Download the item document', 'tainacan') . '" download="'. $link . '" href="' . $link . '">' . __('Download', 'tainacan') . '</a>';
+	return '<a name="' . __('Download the item document', 'tainacan') . '" download="'. esc_url($link) . '" href="' . esc_url($link) . '">' . __('Download', 'tainacan') . '</a>';
 }
 
 
@@ -137,7 +138,7 @@ function tainacan_the_item_attachment_download_link($attachment_id) {
 
 	$link = wp_get_attachment_url($attachment_id);
 
-	return '<a name="' . __('Download the item attachment', 'tainacan') . '" download="'. $link . '" href="' . $link . '">' . __('Download', 'tainacan') . '</a>';
+	return '<a name="' . __('Download the item attachment', 'tainacan') . '" download="'. esc_url($link) . '" href="' . esc_url($link) . '">' . __('Download', 'tainacan') . '</a>';
 }
 
 function tainacan_the_document() {
@@ -212,7 +213,7 @@ function tainacan_get_the_collection_name() {
 	if ( $collection ) {
 		$name = $collection->get_name();
 	}
-	return apply_filters('tainacan-get-collection-name', $name, $collection);
+	return apply_filters('tainacan-get-collection-name', esc_html($name), $collection);
 }					
 
 /**
@@ -234,7 +235,7 @@ function tainacan_get_adjacent_items() {
  * @return void
  */
 function tainacan_the_collection_name() {
-	echo tainacan_get_the_collection_name();
+	echo esc_html(tainacan_get_the_collection_name());
 }
 
 /**
@@ -248,7 +249,7 @@ function tainacan_get_the_collection_description() {
 	if ( $collection ) {
 		$description = $collection->get_description();
 	}
-	return apply_filters('tainacan-get-collection-description', $description, $collection);
+	return apply_filters('tainacan-get-collection-description', esc_html($description), $collection);
 }
 
 /**
@@ -257,7 +258,7 @@ function tainacan_get_the_collection_description() {
  * @return void
  */
 function tainacan_the_collection_description() {
-	echo tainacan_get_the_collection_description();
+	echo esc_html(tainacan_get_the_collection_description());
 }
 
 /**
@@ -332,7 +333,17 @@ function tainacan_get_the_media_component(
 	$args['media_main_id'] = $media_id . '-main';
 	$args['media_thumbs_id'] = $media_id . '-thumbs';
 	$args['media_id'] = $media_id;
-	
+
+	if (!function_exists('tainacan_get_default_allowed_styles')) {
+		function tainacan_get_default_allowed_styles ( $styles ) {
+			$styles[] = 'display';
+			$styles[] = 'position';
+			$styles[] = 'visibility';
+			return $styles;
+		}
+	}
+	add_filter( 'safe_style_css', 'tainacan_get_default_allowed_styles');
+
 	if ( $args['has_media_main'] || $args['has_media_thumbs'] ) :
 		// Modal lightbox layer for rendering photoswipe
 		add_action('wp_footer', 'tainacan_get_the_media_modal_layer');
@@ -347,81 +358,85 @@ function tainacan_get_the_media_component(
 				tainacan_plugin = {};
 			}
 			tainacan_plugin.tainacan_media_components = (typeof tainacan_plugin.tainacan_media_components != "undefined") ? tainacan_plugin.tainacan_media_components : {};
-			tainacan_plugin.tainacan_media_components['<?php echo $args['media_id'] ?>'] = <?php echo json_encode($args) ?>;
+			tainacan_plugin.tainacan_media_components['<?php echo esc_attr($args['media_id']) ?>'] = <?php echo json_encode($args) ?>;
 		</script>	
 
-		<div id="<?php echo $media_id ?>" class="tainacan-media-component" data-module='item-gallery'>
+		<div id="<?php echo esc_attr($media_id) ?>" class="tainacan-media-component" data-module='item-gallery'>
 
 			<?php if ( $args['has_media_main'] ) : ?>
 				
 				<!-- Slider main container -->
-				<?php echo $args['before_main_div'] ?>
-				<div id="<?php echo $args['media_main_id'] ?>" class="tainacan-media-component__swiper-main swiper-container <?php echo $args['class_main_div'] ?>">
+				<?php echo wp_kses_post($args['before_main_div']) ?>
+				<div id="<?php echo esc_attr($args['media_main_id']) ?>" class="tainacan-media-component__swiper-main swiper-container <?php echo esc_attr($args['class_main_div']) ?>">
 					
 					<!-- Additional required wrapper -->
-					<?php echo $args['before_main_ul'] ?>
-					<ul class="swiper-wrapper <?php echo $args['class_main_ul'] ?>">
+					<?php echo wp_kses_post($args['before_main_ul']) ?>
+					<ul class="swiper-wrapper <?php echo esc_attr($args['class_main_ul']) ?>">
 						<?php foreach($media_items_main as $media_item) { ?>
-							<li class="swiper-slide <?php echo $args['class_main_li'] ?>">
-								<?php echo $media_item ?>
+							<li class="swiper-slide <?php echo esc_attr($args['class_main_li']) ?>">
+								<?php 
+									echo wp_kses_tainacan($media_item);
+								 ?>
 							</li>
 						<?php }; ?>
 					</ul>
-					<?php echo $args['before_main_ul'] ?>
+					<?php echo wp_kses_post($args['before_main_ul']) ?>
 
 					<?php if ( $args['swiper_main_options'] && isset($args['swiper_main_options']['pagination']) ) : ?>
 						<!-- If we need pagination -->
-						<div class="swiper-pagination swiper-pagination_<?php echo $args['media_main_id'] ?>"></div>
+						<div class="swiper-pagination swiper-pagination_<?php echo esc_attr($args['media_main_id']) ?>"></div>
 					<?php endif; ?>
 
 					<?php if ( $args['swiper_main_options'] && isset($args['swiper_main_options']['navigation']) ) : ?>
 						<!-- If we need navigation buttons -->
-						<div class="swiper-button-prev swiper-navigation-prev_<?php echo $args['media_main_id'] ?>"></div>
-						<div class="swiper-button-next swiper-navigation-next_<?php echo $args['media_main_id'] ?>"></div>
+						<div class="swiper-button-prev swiper-navigation-prev_<?php echo esc_attr($args['media_main_id']) ?>"></div>
+						<div class="swiper-button-next swiper-navigation-next_<?php echo esc_attr($args['media_main_id']) ?>"></div>
 					<?php endif; ?>
 				</div>
-				<?php echo $args['after_main_div'] ?>
+				<?php echo wp_kses_post($args['after_main_div']) ?>
 			<?php endif; ?>
 
 			<?php if ( $args['has_media_thumbs'] ) : ?>
 
 				<!-- Slider thumbs container -->
-				<?php echo $args['before_thumbs_div'] ?>
-				<div id="<?php echo $args['media_thumbs_id'] ?>" class="tainacan-media-component__swiper-thumbs swiper-container <?php echo $args['class_thumbs_div'] ?>">
+				<?php echo wp_kses_post($args['before_thumbs_div']) ?>
+				<div id="<?php echo esc_attr($args['media_thumbs_id']) ?>" class="tainacan-media-component__swiper-thumbs swiper-container <?php echo esc_attr($args['class_thumbs_div']) ?>">
 					
 					<!-- Additional required wrapper -->
-					<?php echo $args['before_thumbs_ul'] ?>
-					<ul class="swiper-wrapper <?php echo $args['class_thumbs_ul'] ?>">
+					<?php echo wp_kses_post($args['before_thumbs_ul']) ?>
+					<ul class="swiper-wrapper <?php echo esc_attr($args['class_thumbs_ul']) ?>">
 						<?php foreach($media_items_thumbs as $media_item) { ?>
-							<li class="swiper-slide <?php echo $args['class_thumbs_li'] ?>">
-								<?php echo $media_item ?>
+							<li class="swiper-slide <?php echo esc_attr($args['class_thumbs_li']) ?>">
+								<?php echo wp_kses_tainacan($media_item); ?>
 							</li>
 						<?php }; ?>
 					</ul>
-					<?php echo $args['before_thumbs_ul'] ?>
+					<?php echo wp_kses_post($args['before_thumbs_ul']) ?>
 
 					<?php if ( $args['swiper_thumbs_options'] && isset($args['swiper_thumbs_options']['pagination']) ) : ?>
 						<!-- If we need pagination -->
-						<div class="swiper-paginations swiper-pagination_<?php echo $args['media_thumbs_id'] ?>"></div>
+						<div class="swiper-paginations swiper-pagination_<?php echo esc_attr($args['media_thumbs_id']) ?>"></div>
 					<?php endif; ?>
 
 					<?php if ( $args['swiper_thumbs_options'] && isset($args['swiper_thumbs_options']['navigation']) ) : ?>
 						<!-- If we need navigation buttons -->
-						<div class="swiper-button-prev swiper-navigation-prev_<?php echo $args['media_thumbs_id'] ?>"></div>
-						<div class="swiper-button-next swiper-navigation-next_<?php echo $args['media_thumbs_id'] ?>"></div>
+						<div class="swiper-button-prev swiper-navigation-prev_<?php echo esc_attr($args['media_thumbs_id']) ?>"></div>
+						<div class="swiper-button-next swiper-navigation-next_<?php echo esc_attr($args['media_thumbs_id']) ?>"></div>
 					<?php endif; ?>
 
 					<!-- These elements will create a gradient on the side of the carousel -->
 					<div class="swiper-start-border"></div>
 					<div class="swiper-end-border"></div>
 				</div>
-				<?php echo $args['after_thumbs_div'] ?>
+				<?php echo wp_kses_post($args['after_thumbs_div']) ?>
 			<?php endif; ?>
 
 		</div>
 
-	<?php endif; ?> <!-- End of if ($args['has_media_main'] || $args['has_media_thumbs'] ) -->
-	
+	<?php
+	endif;
+	remove_filter( 'safe_style_css', 'tainacan_get_default_allowed_styles');
+	?> <!-- End of if ($args['has_media_main'] || $args['has_media_thumbs'] ) -->
 <?php
 }
 
@@ -467,49 +482,51 @@ function tainacan_get_the_media_component_slide( $args = array() ) {
 	ob_start();
 
 ?>
-	<?php echo $args['before_slide_content'] ?>
+	<?php echo wp_kses_post($args['before_slide_content']) ?>
 
-	<div class="swiper-slide-content <?php echo $args['class_slide_content'] ?>">
+	<div class="swiper-slide-content <?php echo esc_attr($args['class_slide_content']) ?>">
 
 		<?php if ( isset($args['media_content']) && !empty($args['media_content']) && $args['media_content'] !== false ) :?>
-			<?php echo $args['media_content'] ?>
+			<?php echo wp_kses_tainacan($args['media_content']) ?>
 		<?php else: ?>
-			<img src="<?php echo tainacan_get_the_mime_type_icon($args['media_type']) ?>" alt="<?php echo ( !empty($args['media_title']) ? $args['media_title'] : __('File', 'tainacan') ) ?>" >
+			<img src="<?php echo esc_url(tainacan_get_the_mime_type_icon($args['media_type'])) ?>" alt="<?php echo ( !empty($args['media_title']) ? esc_attr($args['media_title']) : __('File', 'tainacan') ) ?>" >
 		<?php endif; ?>
 		
-		<?php echo $args['before_slide_metadata'] ?>
+		<?php echo wp_kses_post($args['before_slide_metadata']); ?>
 
 		<?php if ( !empty($args['media_title']) || !empty($args['description']) || !empty($args['media_caption']) ) : ?>
-			<div class="swiper-slide-metadata  <?php echo $args['class_slide_metadata'] ?>">
+			<div class="swiper-slide-metadata  <?php echo wp_kses_post($args['class_slide_metadata']); ?>">
 				<?php if ( !empty($args['media_caption']) ) :?>
 					<span class="swiper-slide-metadata__caption">
-						<?php echo $args['media_caption'] ?>
+						<?php echo wp_kses_post($args['media_caption']); ?>
 						<br>
 					</span>
 				<?php endif; ?>	
 				<?php if ( !empty($args['media_title']) ) :?>
 					<span class="swiper-slide-metadata__name">
-						<?php echo $args['media_title'] ?>
+						<?php echo wp_kses_post($args['media_title']); ?>
 					</span>
 				<?php endif; ?>
 				<br>
 				<?php if ( !empty($args['media_description']) ) :?>
 					<span class="swiper-slide-metadata__description">
-						<?php echo $args['media_description'] ?>
+						<?php echo wp_kses_post($args['media_description']); ?>
 					</span>
 				<?php endif; ?>
 			</div>
 		<?php endif; ?>
 
 		<?php if ( !empty($args['media_content_full']) ) : ?>
-			<div class="media-full-content" style="display: none; position: absolute; visibility: hidden;"><?php echo $args['media_content_full'] ?></div>
+			<div class="media-full-content" style="display: none; position: absolute; visibility: hidden;">
+				<?php echo wp_kses_tainacan($args['media_content_full']) ?>
+			</div>
 		<?php endif; ?>
 
-		<?php echo $args['after_slide_metadata'] ?>
+		<?php echo wp_kses_post($args['after_slide_metadata']) ?>
 
 	</div>
 
-	<?php echo $args['after_slide_content'] ?>
+	<?php echo wp_kses_post($args['after_slide_content']) ?>
 
 <?php
 
@@ -600,7 +617,7 @@ function tainacan_get_the_collection_url() {
 	if ( $collection ) {
 		$url = $collection->get_url();
 	}
-	return apply_filters('tainacan-get-collection-url', $url, $collection);
+	return apply_filters('tainacan-get-collection-url', esc_url($url), $collection);
 }					
 
 
@@ -610,7 +627,7 @@ function tainacan_get_the_collection_url() {
  * @return void
  */
 function tainacan_the_collection_url() {
-	echo tainacan_get_the_collection_url();
+	echo esc_url(tainacan_get_the_collection_url());
 }
 
 
@@ -734,7 +751,7 @@ function tainacan_get_the_term_name() {
 	if ( $term ) {
 		$name = $term->name;
 	}
-	return apply_filters('tainacan-get-term-name', $name, $term);
+	return apply_filters('tainacan-get-term-name', esc_html($name), $term);
 }
 
 /**
@@ -743,7 +760,7 @@ function tainacan_get_the_term_name() {
  * @return void
  */
 function tainacan_the_term_name() {
-	echo tainacan_get_the_term_name();
+	echo esc_html(tainacan_get_the_term_name());
 }
 
 /**
@@ -757,7 +774,7 @@ function tainacan_get_the_term_description() {
 	if ( $term ) {
 		$description = $term->description;
 	}
-	return apply_filters('tainacan-get-term-description', $description, $term);
+	return apply_filters('tainacan-get-term-description', esc_html($description), $term);
 }
 
 /**
@@ -766,7 +783,7 @@ function tainacan_get_the_term_description() {
  * @return void
  */
 function tainacan_the_term_description() {
-	echo tainacan_get_the_term_description();
+	echo esc_html(tainacan_get_the_term_description());
 }
 
 /**
@@ -869,9 +886,9 @@ function tainacan_the_item_edit_link( $text = null, $before = '', $after = '', $
 		$text = __( 'Edit this item', 'tainacan' );
 	}
 
-	$link = '<a class="' . esc_attr( $class ) . '" href="' . esc_url( $url ) . '">' . $text . '</a>';
+	$link = '<a class="' . esc_attr($class) . '" href="' . esc_url( $url ) . '">' . $text . '</a>';
 
-	echo $before . $link . $after;
+	echo wp_kses_post($before . $link . $after);
 }
 
 /**
diff --git a/src/readme.txt b/src/readme.txt
index ab71742b6..199237109 100644
--- a/src/readme.txt
+++ b/src/readme.txt
@@ -2,9 +2,9 @@
 Contributors: andrebenedito, daltonmartins, fabianobn, jacsonp, leogermani, weryques, wetah, eduardohumberto, ravipassos, jessicafpx, marinagiolo, omarceloavila, vnmedeiros, tainacan, r-guimaraes, suelanesilva, ccaio, alanargomes, ateneagarcia123, rodrigo0freire, clarandreozzi
 Tags: museums, libraries, archives, GLAM, collections, repository
 Requires at least: 5.0
-Tested up to: 5.9
+Tested up to: 6.0
 Requires PHP: 5.6
-Stable tag: 0.18.8
+Stable tag: 0.18.10
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-3.0.html
 
diff --git a/src/tainacan.php b/src/tainacan.php
index 919fee6aa..9b7be3a65 100644
--- a/src/tainacan.php
+++ b/src/tainacan.php
@@ -4,17 +4,17 @@ Plugin Name: Tainacan
 Plugin URI: https://tainacan.org/
 Description: Open source, powerful and flexible repository platform for WordPress. Manage and publish you digital collections as easily as publishing a post to your blog, while having all the tools of a professional repository platform.
 Author: Tainacan.org
-Version: 0.18.8
+Version: 0.18.10
 Requires at least: 5.0
-Tested up to: 5.9
+Tested up to: 6.0
 Requires PHP: 5.6
-Stable tag: 0.18.8
+Stable tag: 0.18.10
 Text Domain: tainacan
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-3.0.html
 */
 
-const TAINACAN_VERSION = '0.18.8';
+const TAINACAN_VERSION = '0.18.10';
 
 defined( 'ABSPATH' ) or die( 'No script kiddies please!' );
 $TAINACAN_BASE_URL = plugins_url('', __FILE__);
@@ -122,4 +122,28 @@ function tainacan_add_admin_bar_items ( WP_Admin_Bar $admin_bar ) {
 		}
 	}
 }
-add_action( 'admin_bar_menu', 'tainacan_add_admin_bar_items', 500 );
\ No newline at end of file
+add_action( 'admin_bar_menu', 'tainacan_add_admin_bar_items', 500 );
+
+function wp_kses_tainacan($content, $context='tainacan_content') {
+	$allowed_html = wp_kses_allowed_html($context);
+	return wp_kses($content, $allowed_html);
+}
+
+add_filter('wp_kses_allowed_html', function($allowedposttags, $context) {
+	switch ( $context ) {
+		case 'tainacan_content':
+			$post_allowed_html = wp_kses_allowed_html('post');
+			return  array_merge(
+				$post_allowed_html, 
+				['iframe' => array(
+					'src'             => true,
+					'height'          => true,
+					'width'           => true,
+					'frameborder'     => true,
+					'allowfullscreen' => true,
+				)]
+			);
+		default:
+			return $allowedposttags;
+	}
+}, 10, 2);
\ No newline at end of file
diff --git a/src/views/admin/components/metadata-types/compound/class-tainacan-compound.php b/src/views/admin/components/metadata-types/compound/class-tainacan-compound.php
index 64860514b..d0140a754 100644
--- a/src/views/admin/components/metadata-types/compound/class-tainacan-compound.php
+++ b/src/views/admin/components/metadata-types/compound/class-tainacan-compound.php
@@ -235,10 +235,10 @@ class Compound extends Metadata_Type {
 			?>
 				<div class="tainacan-metadatum">
 					<h4 class="label">
-						<?php echo $meta->get_metadatum()->get_name(); ?>
+						<?php echo esc_html($meta->get_metadatum()->get_name()); ?>
 					</h4>
 					<p>
-						<?php echo $meta->get_value_as_html(); ?>
+						<?php echo wp_kses_post($meta->get_value_as_html()); ?>
 					</p>
 				</div>
 			<?php
diff --git a/src/views/admin/components/metadata-types/relationship/class-tainacan-relationship.php b/src/views/admin/components/metadata-types/relationship/class-tainacan-relationship.php
index 88923c9a1..80dccc5e7 100644
--- a/src/views/admin/components/metadata-types/relationship/class-tainacan-relationship.php
+++ b/src/views/admin/components/metadata-types/relationship/class-tainacan-relationship.php
@@ -309,7 +309,13 @@ class Relationship extends Metadata_Type {
 					<div class="tainacan-relationship-metadatum-header">
 						<?php echo ($should_display_thumbnail ? $this->get_item_thumbnail($thumbnail_id, $item) : ''); ?>
 						<h4 class="label">
-							<?php echo $value_link; ?>
+							<?php
+							/**
+							 * Note to code reviewers: This lines doesn't need to be escaped.
+							 * The variable $value_link is escaped.
+							 */
+							echo $value_link;
+							?>
 						</h4>
 					</div>
 				<?php
@@ -317,10 +323,10 @@ class Relationship extends Metadata_Type {
 				?>
 					<div class="tainacan-metadatum">
 						<h5 class="label">
-							<?php echo $meta->get_metadatum()->get_name(); ?>
+							<?php echo esc_html($meta->get_metadatum()->get_name()); ?>
 						</h5>
 						<p>
-							<?php echo ($value_link === false ? $meta->get_value_as_html() : $value_link); ?> 
+							<?php echo wp_kses_post(($value_link === false ? $meta->get_value_as_html() : $value_link)); ?> 
 						</p>
 					</div>
 				<?php
diff --git a/src/views/class-tainacan-admin.php b/src/views/class-tainacan-admin.php
index 86971ea38..5867a599f 100644
--- a/src/views/class-tainacan-admin.php
+++ b/src/views/class-tainacan-admin.php
@@ -402,9 +402,9 @@ class Admin {
 
 	function ajax_sample_permalink(){
 
-		$id = $_POST['post_id'];
-		$title = $_POST['new_title'];
-		$name = $_POST['new_slug'];
+		$id = sanitize_text_field($_POST['post_id']);
+		$title = sanitize_text_field($_POST['new_title']);
+		$name = sanitize_text_field($_POST['new_slug']);
 
 		$post = get_post( $id );
 		if ( ! $post )