How to escape html code?

Escaping depends on two things: what your variable contains, and what its container is. What the variable contains means – is it a URL? A string? JS? and so forth. What its container means – is it an attribute? Is it enclosed between two HTML tags? and so forth.

Assuming your variable $wfam_woocommerce_active is a string that does not contain HTML, and also that you probably want it output inside of a <th></th> tag, for this instance you could use:

<th>' . esc_html( $wfam_woocommerce_active ) . '</th>

If instead the variable contains the <th></th> tags, you could use

' . wp_kses_post( $wfam_woocommerce_active ) . '

which means to allow only the HTML that is allowed in Posts, which includes <th></th> and many other tags.

See more about escaping in the developer handbook.