Issue Taxonomy
All Issues
| Issue | Family | Weight | Affected | Fix |
|---|---|---|---|---|
| Missing direct file access protection missing_direct_file_access_protection | maintainability | medium | 4143 | Add an ABSPATH guard near the top of executable PHP files. |
| Output is not escaped WordPress.Security.EscapeOutput.OutputNotEscaped | security | critical | 3934 | Escape output with the function that matches the HTML context. |
| outdated tested upto header outdated_tested_upto_header | repo_compliance | high | 3487 | Align the plugin header, readme, and release package metadata. |
| Request data is not unslashed WordPress.Security.ValidatedSanitizedInput.MissingUnslash | security | critical | 3467 | Call `wp_unslash()` before sanitizing request input. |
| Input is not sanitized WordPress.Security.ValidatedSanitizedInput.InputNotSanitized | security | critical | 3453 | Sanitize request data before using or storing it. |
| Non-prefixed global variable WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound | maintainability | medium | 3220 | Prefix the global variable with a unique plugin namespace. |
| Nonce verification recommended WordPress.Security.NonceVerification.Recommended | security | critical | 3078 | Add nonce verification unless the request is intentionally public and read-only. |
| Non-prefixed hook name WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound | maintainability | medium | 2861 | Prefix the hook name with a unique plugin namespace. |
| Input is not validated WordPress.Security.ValidatedSanitizedInput.InputNotValidated | security | critical | 2617 | Validate sanitized input against the values the code actually supports. |
| Non-prefixed function WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedFunctionFound | maintainability | medium | 2572 | Prefix the function with a unique plugin namespace. |
| Missing nonce verification WordPress.Security.NonceVerification.Missing | security | critical | 2371 | Verify a nonce before processing state-changing requests. |
| Direct Query WordPress.DB.DirectDatabaseQuery.DirectQuery | maintainability | medium | 2368 | Prefer WordPress APIs, and prepare and cache direct queries when they are necessary. |
| No Caching WordPress.DB.DirectDatabaseQuery.NoCaching | maintainability | medium | 2337 | Prefer WordPress APIs, and prepare and cache direct queries when they are necessary. |
| Missing Translators Comment WordPress.WP.I18n.MissingTranslatorsComment | i18n | low | 2301 | Use stable, literal translation strings and the plugin's correct text domain. |
| Text Domain Mismatch WordPress.WP.I18n.TextDomainMismatch | i18n | low | 2301 | Use stable, literal translation strings and the plugin's correct text domain. |
| wp function not compatible with requires wp wp_function_not_compatible_with_requires_wp | maintainability | medium | 2237 | Review the affected code and replace the pattern with the WordPress-recommended approach. |
| Missing Arg Domain WordPress.WP.I18n.MissingArgDomain | i18n | low | 2150 | Use stable, literal translation strings and the plugin's correct text domain. |
| Discouraged text-domain loading PluginCheck.CodeAnalysis.DiscouragedFunctions.load_plugin_textdomainFound | i18n | low | 2114 | Use stable, literal translation strings and the plugin's correct text domain. |
| trademarked term trademarked_term | maintainability | medium | 2099 | Adjust naming and promotional copy to be clear, accurate, and policy-safe. |
| Non-prefixed class WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedClassFound | maintainability | medium | 2080 | Prefix the class with a unique plugin namespace. |
| Missing Version WordPress.WP.EnqueuedResourceParameters.MissingVersion | maintainability | medium | 2032 | Load assets through `wp_enqueue_script()` or `wp_enqueue_style()` with complete metadata. |
| mismatched plugin name mismatched_plugin_name | maintainability | medium | 1952 | Review the affected code and replace the pattern with the WordPress-recommended approach. |
| Not In Footer WordPress.WP.EnqueuedResourceParameters.NotInFooter | maintainability | medium | 1951 | Load assets through `wp_enqueue_script()` or `wp_enqueue_style()` with complete metadata. |
| Unsafe printing function WordPress.Security.EscapeOutput.UnsafePrintingFunction | security | critical | 1858 | Escape each printed value before passing it to the printing function. |
| Non-prefixed constant WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedConstantFound | maintainability | medium | 1756 | Prefix the constant with a unique plugin namespace. |
| Database parameter is not escaped PluginCheck.Security.DirectDB.UnescapedDBParameter | security | critical | 1676 | Prepare SQL values and allowlist SQL identifiers. |
| plugin header no license plugin_header_no_license | repo_compliance | high | 1642 | Use clear, consistent GPL-compatible license metadata. |
| date date WordPress.DateTime.RestrictedFunctions.date_date | maintainability | medium | 1487 | Review the affected code and replace the pattern with the WordPress-recommended approach. |
| wp redirect wp redirect WordPress.Security.SafeRedirect.wp_redirect_wp_redirect | security | critical | 1420 | Review the affected code path and apply the WordPress security API for that context. |
| readme parser warnings too many tags readme_parser_warnings_too_many_tags | repo_compliance | high | 1398 | Update the readme to match WordPress.org parser expectations. |
| Non Singular String Literal Text WordPress.WP.I18n.NonSingularStringLiteralText | i18n | low | 1353 | Use stable, literal translation strings and the plugin's correct text domain. |
| SQL query is not prepared WordPress.DB.PreparedSQL.NotPrepared | security | critical | 1268 | Use `$wpdb->prepare()` for dynamic SQL values. |
| Exception output is not escaped WordPress.Security.EscapeOutput.ExceptionNotEscaped | security | critical | 1089 | Escape exception output and avoid showing raw exception messages to visitors. |
| Interpolated SQL is not prepared WordPress.DB.PreparedSQL.InterpolatedNotPrepared | security | critical | 1063 | Put placeholders in the SQL string and pass dynamic values separately. |
| strip tags strip tags WordPress.WP.AlternativeFunctions.strip_tags_strip_tags | maintainability | medium | 1036 | Use a WordPress sanitizer or escaping function that matches the expected value. |
| Dynamic hook name WordPress.NamingConventions.PrefixAllGlobals.DynamicHooknameFound | maintainability | medium | 1026 | Use a stable plugin-prefixed hook name or tightly constrain the dynamic part. |
| error log print r WordPress.PHP.DevelopmentFunctions.error_log_print_r | maintainability | medium | 910 | Remove production debug output or guard it behind safe debug-only conditions. |
| error log error log WordPress.PHP.DevelopmentFunctions.error_log_error_log | maintainability | medium | 905 | Remove production debug output or guard it behind safe debug-only conditions. |
| slow db query meta key WordPress.DB.SlowDBQuery.slow_db_query_meta_key | maintainability | medium | 878 | Reduce expensive query arguments and add caching where the result is reused. |
| Unordered Placeholders Text WordPress.WP.I18n.UnorderedPlaceholdersText | i18n | low | 875 | Use stable, literal translation strings and the plugin's correct text domain. |
| file system operations fclose WordPress.WP.AlternativeFunctions.file_system_operations_fclose | maintainability | medium | 863 | Use the WordPress Filesystem API or tightly constrain file operations. |
| slow db query meta query WordPress.DB.SlowDBQuery.slow_db_query_meta_query | maintainability | medium | 828 | Reduce expensive query arguments and add caching where the result is reused. |
| Schema Change WordPress.DB.DirectDatabaseQuery.SchemaChange | maintainability | medium | 816 | Prefer WordPress APIs, and prepare and cache direct queries when they are necessary. |
| file system operations fopen WordPress.WP.AlternativeFunctions.file_system_operations_fopen | maintainability | medium | 803 | Use the WordPress Filesystem API or tightly constrain file operations. |
| parse url parse url WordPress.WP.AlternativeFunctions.parse_url_parse_url | maintainability | medium | 755 | Prefer WordPress URL helpers and validate parsed URL parts. |
| unlink unlink WordPress.WP.AlternativeFunctions.unlink_unlink | maintainability | medium | 753 | Review the affected code and replace the pattern with the WordPress-recommended approach. |
| Discouraged PHP function Squiz.PHP.DiscouragedFunctions.Discouraged | maintainability | medium | 749 | Replace the discouraged construct with a WordPress-friendly alternative. |
| Post Not In exclude WordPressVIPMinimum.Performance.WPQueryParams.PostNotIn_exclude | performance | medium | 678 | Use narrower queries, pagination, and caching for repeated expensive work. |
| rand rand WordPress.WP.AlternativeFunctions.rand_rand | maintainability | medium | 642 | Use a purpose-appropriate random API. |
| missing composer json file missing_composer_json_file | maintainability | medium | 629 | Review the affected code and replace the pattern with the WordPress-recommended approach. |
| Hidden files included hidden_files | supply_chain | critical | 616 | Remove hidden development files from the release package. |
| textdomain mismatch textdomain_mismatch | i18n | low | 604 | Use stable, literal translation strings and the plugin's correct text domain. |
| file system operations fwrite WordPress.WP.AlternativeFunctions.file_system_operations_fwrite | maintainability | medium | 598 | Use the WordPress Filesystem API or tightly constrain file operations. |
| slow db query meta value WordPress.DB.SlowDBQuery.slow_db_query_meta_value | maintainability | medium | 594 | Reduce expensive query arguments and add caching where the result is reused. |
| slow db query tax query WordPress.DB.SlowDBQuery.slow_db_query_tax_query | maintainability | medium | 591 | Reduce expensive query arguments and add caching where the result is reused. |
| Non Enqueued Script WordPress.WP.EnqueuedResources.NonEnqueuedScript | maintainability | medium | 584 | Load assets through `wp_enqueue_script()` or `wp_enqueue_style()` with complete metadata. |
| Setting is missing a sanitization callback PluginCheck.CodeAnalysis.SettingSanitization.register_settingMissing | security | critical | 583 | Add a `sanitize_callback` when registering the setting. |
| No Explicit Version WordPress.WP.EnqueuedResourceParameters.NoExplicitVersion | maintainability | medium | 523 | Load assets through `wp_enqueue_script()` or `wp_enqueue_style()` with complete metadata. |
| readme parser warnings trimmed short description readme_parser_warnings_trimmed_short_description | repo_compliance | high | 500 | Update the readme to match WordPress.org parser expectations. |
| update modification detected update_modification_detected | maintainability | medium | 495 | Use the normal WordPress.org update flow unless there is a clearly documented reason. |
| Non Singular String Literal Domain WordPress.WP.I18n.NonSingularStringLiteralDomain | i18n | low | 473 | Use stable, literal translation strings and the plugin's correct text domain. |
| plugin updater detected plugin_updater_detected | maintainability | medium | 465 | Use the normal WordPress.org update flow unless there is a clearly documented reason. |
| five star reviews detected five_star_reviews_detected | maintainability | medium | 462 | Adjust naming and promotional copy to be clear, accurate, and policy-safe. |
| No PHP code found Internal.NoCodeFound | maintainability | medium | 461 | Review the scan output and package contents, then rerun the scan. |
| Forbidden PHP function found Generic.PHP.ForbiddenFunctions.Found | maintainability | medium | 460 | Replace the discouraged construct with a WordPress-friendly alternative. |
| badly named files badly_named_files | maintainability | medium | 457 | Review the affected code and replace the pattern with the WordPress-recommended approach. |
| file system operations mkdir WordPress.WP.AlternativeFunctions.file_system_operations_mkdir | maintainability | medium | 449 | Use the WordPress Filesystem API or tightly constrain file operations. |
| file system operations is writable WordPress.WP.AlternativeFunctions.file_system_operations_is_writable | maintainability | medium | 444 | Use the WordPress Filesystem API or tightly constrain file operations. |
| Plugin Directory Write PluginCheck.CodeAnalysis.WriteFile.PluginDirectoryWrite | maintainability | medium | 434 | Write only to appropriate data locations and never write executable code from untrusted input. |
| Post Not In post not in WordPressVIPMinimum.Performance.WPQueryParams.PostNotIn_post__not_in | performance | medium | 426 | Use narrower queries, pagination, and caching for repeated expensive work. |
| Not Allowed PluginCheck.CodeAnalysis.Heredoc.NotAllowed | maintainability | medium | 413 | Review the affected code and replace the pattern with the WordPress-recommended approach. |
| curl curl init WordPress.WP.AlternativeFunctions.curl_curl_init | maintainability | medium | 408 | Use `wp_remote_get()`, `wp_remote_post()`, or related WordPress HTTP helpers. |
| curl curl exec WordPress.WP.AlternativeFunctions.curl_curl_exec | maintainability | medium | 401 | Use `wp_remote_get()`, `wp_remote_post()`, or related WordPress HTTP helpers. |
| license mismatch license_mismatch | repo_compliance | high | 392 | Use clear, consistent GPL-compatible license metadata. |
| error log trigger error WordPress.PHP.DevelopmentFunctions.error_log_trigger_error | maintainability | medium | 383 | Remove production debug output or guard it behind safe debug-only conditions. |
| Non Enqueued Stylesheet WordPress.WP.EnqueuedResources.NonEnqueuedStylesheet | maintainability | medium | 383 | Load assets through `wp_enqueue_script()` or `wp_enqueue_style()` with complete metadata. |
| plugin header nonexistent domain path plugin_header_nonexistent_domain_path | repo_compliance | high | 380 | Correct the plugin header metadata in the main plugin file. |
| Offloaded Content PluginCheck.CodeAnalysis.Offloading.OffloadedContent | maintainability | medium | 377 | Review the affected code and replace the pattern with the WordPress-recommended approach. |
| rand mt rand WordPress.WP.AlternativeFunctions.rand_mt_rand | maintainability | medium | 375 | Use a purpose-appropriate random API. |
| curl curl close WordPress.WP.AlternativeFunctions.curl_curl_close | maintainability | medium | 373 | Use `wp_remote_get()`, `wp_remote_post()`, or related WordPress HTTP helpers. |
| library core files library_core_files | maintainability | medium | 371 | Review the affected code and replace the pattern with the WordPress-recommended approach. |
| curl curl setopt WordPress.WP.AlternativeFunctions.curl_curl_setopt | maintainability | medium | 363 | Use `wp_remote_get()`, `wp_remote_post()`, or related WordPress HTTP helpers. |
| Offloaded Content PluginCheck.CodeAnalysis.EnqueuedResourceOffloading.OffloadedContent | maintainability | medium | 355 | Load assets through `wp_enqueue_script()` or `wp_enqueue_style()` with complete metadata. |
| Deprecated parameter: get_terms parameter 2 WordPress.WP.DeprecatedParameters.Get_termsParam2Found | maintainability | medium | 350 | Replace the deprecated usage with the current WordPress API. |
| no license no_license | repo_compliance | high | 346 | Use clear, consistent GPL-compatible license metadata. |
| No Empty Strings WordPress.WP.I18n.NoEmptyStrings | i18n | low | 326 | Use stable, literal translation strings and the plugin's correct text domain. |
| trunk stable tag trunk_stable_tag | maintainability | medium | 319 | Align the plugin header, readme, and release package metadata. |
| file system operations fread WordPress.WP.AlternativeFunctions.file_system_operations_fread | maintainability | medium | 311 | Use the WordPress Filesystem API or tightly constrain file operations. |
| No Html Wrapped Strings WordPress.WP.I18n.NoHtmlWrappedStrings | i18n | low | 311 | Use stable, literal translation strings and the plugin's correct text domain. |
| Unfinished Prepare WordPress.DB.PreparedSQLPlaceholders.UnfinishedPrepare | security | critical | 308 | Use valid `$wpdb->prepare()` placeholders and pass replacements separately. |
| file system operations rmdir WordPress.WP.AlternativeFunctions.file_system_operations_rmdir | maintainability | medium | 303 | Use the WordPress Filesystem API or tightly constrain file operations. |
| error log var export WordPress.PHP.DevelopmentFunctions.error_log_var_export | maintainability | medium | 297 | Remove production debug output or guard it behind safe debug-only conditions. |
| file system operations chmod WordPress.WP.AlternativeFunctions.file_system_operations_chmod | maintainability | medium | 275 | Use the WordPress Filesystem API or tightly constrain file operations. |
| rename rename WordPress.WP.AlternativeFunctions.rename_rename | maintainability | medium | 270 | Review the affected code and replace the pattern with the WordPress-recommended approach. |
| error log debug backtrace WordPress.PHP.DevelopmentFunctions.error_log_debug_backtrace | maintainability | medium | 266 | Remove production debug output or guard it behind safe debug-only conditions. |
| curl curl getinfo WordPress.WP.AlternativeFunctions.curl_curl_getinfo | maintainability | medium | 264 | Use `wp_remote_get()`, `wp_remote_post()`, or related WordPress HTTP helpers. |
| Non-prefixed interface WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedInterfaceFound | maintainability | medium | 248 | Prefix the interface with a unique plugin namespace. |
| curl curl error WordPress.WP.AlternativeFunctions.curl_curl_error | maintainability | medium | 245 | Use `wp_remote_get()`, `wp_remote_post()`, or related WordPress HTTP helpers. |
| Short PHP open tag found Generic.PHP.DisallowShortOpenTag.EchoFound | maintainability | medium | 229 | Normalize PHP files to standard tags, UTF-8 without BOM, and consistent line endings. |
| readme parser warnings no short description present readme_parser_warnings_no_short_description_present | repo_compliance | high | 229 | Update the readme to match WordPress.org parser expectations. |
| Non-prefixed global variable WordPress.NamingConventions.PrefixAllGlobals.VariableConstantNameFound | maintainability | medium | 228 | Prefix the global variable with a unique plugin namespace. |
| upgrade notice limit upgrade_notice_limit | maintainability | medium | 226 | Review the affected code and replace the pattern with the WordPress-recommended approach. |
| file system operations readfile WordPress.WP.AlternativeFunctions.file_system_operations_readfile | maintainability | medium | 219 | Use the WordPress Filesystem API or tightly constrain file operations. |
| readme mismatched header requires readme_mismatched_header_requires | repo_compliance | high | 218 | Update the readme to match WordPress.org parser expectations. |
| Quoted Simple Placeholder WordPress.DB.PreparedSQLPlaceholders.QuotedSimplePlaceholder | security | critical | 216 | Use valid `$wpdb->prepare()` placeholders and pass replacements separately. |
| prevent path disclosure error reporting WordPress.PHP.DevelopmentFunctions.prevent_path_disclosure_error_reporting | maintainability | medium | 214 | Remove production debug output or guard it behind safe debug-only conditions. |
| Non-prefixed namespace WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedNamespaceFound | maintainability | medium | 205 | Prefix the namespace with a unique plugin namespace. |
| error log var dump WordPress.PHP.DevelopmentFunctions.error_log_var_dump | maintainability | medium | 200 | Remove production debug output or guard it behind safe debug-only conditions. |
| Deprecated parameter: load_plugin_textdomain parameter 2 WordPress.WP.DeprecatedParameters.Load_plugin_textdomainParam2Found | i18n | low | 189 | Use stable, literal translation strings and the plugin's correct text domain. |
| Discouraged PHP function WordPress.WP.DiscouragedFunctions.wp_reset_query_wp_reset_query | maintainability | medium | 183 | Replace the discouraged construct with a WordPress-friendly alternative. |
| stable tag mismatch stable_tag_mismatch | maintainability | medium | 183 | Align the plugin header, readme, and release package metadata. |
| block api version too low block_api_version_too_low | maintainability | medium | 181 | Review the affected code and replace the pattern with the WordPress-recommended approach. |
| curl curl errno WordPress.WP.AlternativeFunctions.curl_curl_errno | maintainability | medium | 176 | Use `wp_remote_get()`, `wp_remote_post()`, or related WordPress HTTP helpers. |
| Suppress Filters suppress filters WordPressVIPMinimum.Performance.WPQueryParams.SuppressFilters_suppress_filters | performance | medium | 173 | Use narrower queries, pagination, and caching for repeated expensive work. |
| readme short description non official language readme_short_description_non_official_language | repo_compliance | high | 173 | Update the readme to match WordPress.org parser expectations. |
| application detected application_detected | maintainability | medium | 168 | Review the affected code and replace the pattern with the WordPress-recommended approach. |
| Replacements Wrong Number WordPress.DB.PreparedSQLPlaceholders.ReplacementsWrongNumber | security | critical | 157 | Use valid `$wpdb->prepare()` placeholders and pass replacements separately. |
| curl curl setopt array WordPress.WP.AlternativeFunctions.curl_curl_setopt_array | maintainability | medium | 156 | Use `wp_remote_get()`, `wp_remote_post()`, or related WordPress HTTP helpers. |
| error log set error handler WordPress.PHP.DevelopmentFunctions.error_log_set_error_handler | maintainability | medium | 154 | Remove production debug output or guard it behind safe debug-only conditions. |
| readme description non official language readme_description_non_official_language | repo_compliance | high | 139 | Update the readme to match WordPress.org parser expectations. |
| unexpected markdown file unexpected_markdown_file | maintainability | medium | 137 | Review the affected code and replace the pattern with the WordPress-recommended approach. |
| readme parser warnings trimmed section changelog readme_parser_warnings_trimmed_section_changelog | repo_compliance | high | 136 | Update the readme to match WordPress.org parser expectations. |
| file system operations touch WordPress.WP.AlternativeFunctions.file_system_operations_touch | maintainability | medium | 134 | Use the WordPress Filesystem API or tightly constrain file operations. |
| Input is not validated or sanitized WordPress.Security.ValidatedSanitizedInput.InputNotValidatedNotSanitized | security | critical | 129 | Unslash, sanitize, then validate the input before use. |
| Mixed line endings Internal.LineEndings.Mixed | maintainability | medium | 125 | Normalize PHP files to standard tags, UTF-8 without BOM, and consistent line endings. |
| file system operations fsockopen WordPress.WP.AlternativeFunctions.file_system_operations_fsockopen | maintainability | medium | 118 | Use the WordPress Filesystem API or tightly constrain file operations. |
| Plugin menu slug uses __FILE__ WordPress.Security.PluginMenuSlug.Using__FILE__ | security | critical | 113 | Review the affected code path and apply the WordPress security API for that context. |
| invalid plugin name invalid_plugin_name | maintainability | medium | 110 | Review the affected code and replace the pattern with the WordPress-recommended approach. |
| ABSPATHDetected PluginCheck.CodeAnalysis.WriteFile.ABSPATHDetected | maintainability | medium | 101 | Write only to appropriate data locations and never write executable code from untrusted input. |
| timezone change date default timezone set WordPress.DateTime.RestrictedFunctions.timezone_change_date_default_timezone_set | maintainability | medium | 96 | Review the affected code and replace the pattern with the WordPress-recommended approach. |
| Interpolated Variable Text WordPress.WP.I18n.InterpolatedVariableText | i18n | low | 94 | Use stable, literal translation strings and the plugin's correct text domain. |
| textdomain invalid format textdomain_invalid_format | i18n | low | 94 | Use stable, literal translation strings and the plugin's correct text domain. |
| Like Wildcards In Query WordPress.DB.PreparedSQLPlaceholders.LikeWildcardsInQuery | security | critical | 93 | Use valid `$wpdb->prepare()` placeholders and pass replacements separately. |
| Deprecated function: get_page_by_title WordPress.WP.DeprecatedFunctions.get_page_by_titleFound | maintainability | medium | 92 | Replace the deprecated usage with the current WordPress API. |
| Short URL found PluginCheck.CodeAnalysis.ShortURL.Found | maintainability | medium | 91 | Replace development URLs with production URLs and avoid short links in distributed code. |
| Too Many Function Args WordPress.WP.I18n.TooManyFunctionArgs | i18n | low | 90 | Use stable, literal translation strings and the plugin's correct text domain. |
| file system operations is writeable WordPress.WP.AlternativeFunctions.file_system_operations_is_writeable | maintainability | medium | 85 | Use the WordPress Filesystem API or tightly constrain file operations. |
| readme parser warnings ignored tags readme_parser_warnings_ignored_tags | repo_compliance | high | 85 | Update the readme to match WordPress.org parser expectations. |
| readme mismatched header requires php readme_mismatched_header_requires_php | repo_compliance | high | 78 | Update the readme to match WordPress.org parser expectations. |
| Non-prefixed global symbol WordPress.NamingConventions.PrefixAllGlobals.InvalidPrefixPassed | maintainability | medium | 77 | Prefix the global symbol with a unique plugin namespace. |
| mismatched tested up to header mismatched_tested_up_to_header | repo_compliance | high | 77 | Align the plugin header, readme, and release package metadata. |
| plugin header invalid domain path plugin_header_invalid_domain_path | repo_compliance | high | 76 | Correct the plugin header metadata in the main plugin file. |
| file system operations fputs WordPress.WP.AlternativeFunctions.file_system_operations_fputs | maintainability | medium | 72 | Use the WordPress Filesystem API or tightly constrain file operations. |
| invalid license invalid_license | repo_compliance | high | 71 | Use clear, consistent GPL-compatible license metadata. |
| Missing Singular Placeholder WordPress.WP.I18n.MissingSingularPlaceholder | i18n | low | 70 | Use stable, literal translation strings and the plugin's correct text domain. |
| invalid tested upto minor invalid_tested_upto_minor | maintainability | medium | 69 | Align the plugin header, readme, and release package metadata. |
| Non Singular String Literal Plural WordPress.WP.I18n.NonSingularStringLiteralPlural | i18n | low | 66 | Use stable, literal translation strings and the plugin's correct text domain. |
| Deprecated parameter: add_option parameter 3 WordPress.WP.DeprecatedParameters.Add_optionParam3Found | maintainability | medium | 63 | Replace the deprecated usage with the current WordPress API. |
| prevent path disclosure phpinfo WordPress.PHP.DevelopmentFunctions.prevent_path_disclosure_phpinfo | maintainability | medium | 61 | Remove production debug output or guard it behind safe debug-only conditions. |
| Heredoc Output Not Escaped WordPress.Security.EscapeOutput.HeredocOutputNotEscaped | security | critical | 61 | Escape dynamic output at the point where it is printed. |
| Discouraged PHP function WordPress.WP.DiscouragedFunctions.query_posts_query_posts | maintainability | medium | 59 | Replace the discouraged construct with a WordPress-friendly alternative. |
| Localhost URL found PluginCheck.CodeAnalysis.Localhost.Found | maintainability | medium | 55 | Replace development URLs with production URLs and avoid short links in distributed code. |
| Deprecated function: screen_icon WordPress.WP.DeprecatedFunctions.screen_iconFound | maintainability | medium | 55 | Replace the deprecated usage with the current WordPress API. |
| Unquoted Complex Placeholder WordPress.DB.PreparedSQLPlaceholders.UnquotedComplexPlaceholder | security | critical | 53 | Use valid `$wpdb->prepare()` placeholders and pass replacements separately. |
| Deprecated function: wp_get_sites WordPress.WP.DeprecatedFunctions.wp_get_sitesFound | maintainability | medium | 53 | Replace the deprecated usage with the current WordPress API. |
| no stable tag no_stable_tag | maintainability | medium | 53 | Align the plugin header, readme, and release package metadata. |
| Non Singular String Literal Single WordPress.WP.I18n.NonSingularStringLiteralSingle | i18n | low | 52 | Use stable, literal translation strings and the plugin's correct text domain. |
| readme parser warnings trimmed section description readme_parser_warnings_trimmed_section_description | repo_compliance | high | 47 | Update the readme to match WordPress.org parser expectations. |
| Deprecated function: seems_utf8 WordPress.WP.DeprecatedFunctions.seems_utf8Found | maintainability | medium | 43 | Replace the deprecated usage with the current WordPress API. |
| mysql mysqli get server info WordPress.DB.RestrictedFunctions.mysql_mysqli_get_server_info | maintainability | medium | 42 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| Compressed files included compressed_files | supply_chain | critical | 42 | Remove nested archives from the distributed plugin package. |
| Unsupported Identifier Placeholder WordPress.DB.PreparedSQLPlaceholders.UnsupportedIdentifierPlaceholder | security | critical | 41 | Use valid `$wpdb->prepare()` placeholders and pass replacements separately. |
| uninstall missing constant check uninstall_missing_constant_check | maintainability | medium | 41 | Review the affected code and replace the pattern with the WordPress-recommended approach. |
| Unnecessary Prepare WordPress.DB.PreparedSQLPlaceholders.UnnecessaryPrepare | security | critical | 40 | Use valid `$wpdb->prepare()` placeholders and pass replacements separately. |
| Non-prefixed trait WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedTraitFound | maintainability | medium | 40 | Prefix the trait with a unique plugin namespace. |
| Low Level Translation Function WordPress.WP.I18n.LowLevelTranslationFunction | i18n | low | 40 | Use stable, literal translation strings and the plugin's correct text domain. |
| Discouraged WordPress constant usage: TEMPLATEPATH WordPress.WP.DiscouragedConstants.TEMPLATEPATHUsageFound | maintainability | medium | 39 | Replace the discouraged construct with a WordPress-friendly alternative. |
| readme reserved contributors readme_reserved_contributors | repo_compliance | high | 39 | Update the readme to match WordPress.org parser expectations. |
| Deprecated parameter: wp_upload_bits parameter 2 WordPress.WP.DeprecatedParameters.Wp_upload_bitsParam2Found | maintainability | medium | 38 | Replace the deprecated usage with the current WordPress API. |
| github directory github_directory | maintainability | medium | 35 | Review the affected code and replace the pattern with the WordPress-recommended approach. |
| readme invalid donate link readme_invalid_donate_link | repo_compliance | high | 35 | Update the readme to match WordPress.org parser expectations. |
| Short PHP open tag found Generic.PHP.DisallowShortOpenTag.PossibleFound | maintainability | medium | 34 | Normalize PHP files to standard tags, UTF-8 without BOM, and consistent line endings. |
| plugin header unsupported plugin name plugin_header_unsupported_plugin_name | repo_compliance | high | 34 | Correct the plugin header metadata in the main plugin file. |
| plugin header invalid author uri plugin_header_invalid_author_uri | repo_compliance | high | 33 | Correct the plugin header metadata in the main plugin file. |
| Deprecated parameter: wp_count_terms parameter 2 WordPress.WP.DeprecatedParameters.Wp_count_termsParam2Found | maintainability | medium | 32 | Replace the deprecated usage with the current WordPress API. |
| error log wp debug backtrace summary WordPress.PHP.DevelopmentFunctions.error_log_wp_debug_backtrace_summary | maintainability | medium | 31 | Remove production debug output or guard it behind safe debug-only conditions. |
| mysql PDO WordPress.DB.RestrictedClasses.mysql__PDO | maintainability | medium | 30 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| Like Wildcards In Query With Placeholder WordPress.DB.PreparedSQLPlaceholders.LikeWildcardsInQueryWithPlaceholder | security | critical | 29 | Use valid `$wpdb->prepare()` placeholders and pass replacements separately. |
| curl curl reset WordPress.WP.AlternativeFunctions.curl_curl_reset | maintainability | medium | 29 | Use `wp_remote_get()`, `wp_remote_post()`, or related WordPress HTTP helpers. |
| Unordered Placeholders Plural WordPress.WP.I18n.UnorderedPlaceholdersPlural | i18n | low | 29 | Use stable, literal translation strings and the plugin's correct text domain. |
| curl curl multi init WordPress.WP.AlternativeFunctions.curl_curl_multi_init | maintainability | medium | 28 | Use `wp_remote_get()`, `wp_remote_post()`, or related WordPress HTTP helpers. |
| curl curl multi add handle WordPress.WP.AlternativeFunctions.curl_curl_multi_add_handle | maintainability | medium | 27 | Use `wp_remote_get()`, `wp_remote_post()`, or related WordPress HTTP helpers. |
| curl curl multi exec WordPress.WP.AlternativeFunctions.curl_curl_multi_exec | maintainability | medium | 27 | Use `wp_remote_get()`, `wp_remote_post()`, or related WordPress HTTP helpers. |
| Discouraged WordPress constant usage: STYLESHEETPATH WordPress.WP.DiscouragedConstants.STYLESHEETPATHUsageFound | maintainability | medium | 27 | Replace the discouraged construct with a WordPress-friendly alternative. |
| Non Singular String Literal Context WordPress.WP.I18n.NonSingularStringLiteralContext | i18n | low | 27 | Use stable, literal translation strings and the plugin's correct text domain. |
| Unordered Placeholders Single WordPress.WP.I18n.UnorderedPlaceholdersSingle | i18n | low | 26 | Use stable, literal translation strings and the plugin's correct text domain. |
| Goto statement found Generic.PHP.DiscourageGoto.Found | maintainability | medium | 25 | Replace the discouraged construct with a WordPress-friendly alternative. |
| mysql mysqli connect WordPress.DB.RestrictedFunctions.mysql_mysqli_connect | maintainability | medium | 25 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| curl curl multi remove handle WordPress.WP.AlternativeFunctions.curl_curl_multi_remove_handle | maintainability | medium | 25 | Use `wp_remote_get()`, `wp_remote_post()`, or related WordPress HTTP helpers. |
| curl curl multi getcontent WordPress.WP.AlternativeFunctions.curl_curl_multi_getcontent | maintainability | medium | 24 | Use `wp_remote_get()`, `wp_remote_post()`, or related WordPress HTTP helpers. |
| curl curl multi close WordPress.WP.AlternativeFunctions.curl_curl_multi_close | maintainability | medium | 23 | Use `wp_remote_get()`, `wp_remote_post()`, or related WordPress HTTP helpers. |
| plugin header invalid license plugin_header_invalid_license | repo_compliance | high | 23 | Use clear, consistent GPL-compatible license metadata. |
| Mixed Ordered Placeholders Text WordPress.WP.I18n.MixedOrderedPlaceholdersText | i18n | low | 22 | Use stable, literal translation strings and the plugin's correct text domain. |
| mysql mysqli query WordPress.DB.RestrictedFunctions.mysql_mysqli_query | maintainability | medium | 20 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| rand seeding mt srand WordPress.WP.AlternativeFunctions.rand_seeding_mt_srand | maintainability | medium | 19 | Use a purpose-appropriate random API. |
| plugin header invalid network plugin_header_invalid_network | repo_compliance | high | 19 | Correct the plugin header metadata in the main plugin file. |
| plugin header invalid plugin uri plugin_header_invalid_plugin_uri | repo_compliance | high | 19 | Correct the plugin header metadata in the main plugin file. |
| mysql mysql query WordPress.DB.RestrictedFunctions.mysql_mysql_query | maintainability | medium | 18 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| allow unfiltered uploads detected allow_unfiltered_uploads_detected | maintainability | medium | 17 | Review the affected code and replace the pattern with the WordPress-recommended approach. |
| mysql mysqli WordPress.DB.RestrictedClasses.mysql__mysqli | maintainability | medium | 16 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| Deprecated function: get_current_theme WordPress.WP.DeprecatedFunctions.get_current_themeFound | maintainability | medium | 16 | Replace the deprecated usage with the current WordPress API. |
| Deprecated function: get_theme_data WordPress.WP.DeprecatedFunctions.get_theme_dataFound | maintainability | medium | 16 | Replace the deprecated usage with the current WordPress API. |
| mysql mysql get server info WordPress.DB.RestrictedFunctions.mysql_mysql_get_server_info | maintainability | medium | 15 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| rand seeding srand WordPress.WP.AlternativeFunctions.rand_seeding_srand | maintainability | medium | 15 | Use a purpose-appropriate random API. |
| Non Singular String Literal Singular WordPress.WP.I18n.NonSingularStringLiteralSingular | i18n | low | 15 | Use stable, literal translation strings and the plugin's correct text domain. |
| Single Underscore Get Text Function WordPress.WP.I18n.SingleUnderscoreGetTextFunction | i18n | low | 15 | Use stable, literal translation strings and the plugin's correct text domain. |
| ai instruction directory ai_instruction_directory | maintainability | medium | 15 | Review the affected code and replace the pattern with the WordPress-recommended approach. |
| Backtick operator found Generic.PHP.BacktickOperator.Found | maintainability | medium | 14 | Replace the discouraged construct with a WordPress-friendly alternative. |
| Unsupported Placeholder WordPress.DB.PreparedSQLPlaceholders.UnsupportedPlaceholder | security | critical | 14 | Use valid `$wpdb->prepare()` placeholders and pass replacements separately. |
| mysql mysqli free result WordPress.DB.RestrictedFunctions.mysql_mysqli_free_result | maintainability | medium | 14 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| curl curl multi select WordPress.WP.AlternativeFunctions.curl_curl_multi_select | maintainability | medium | 14 | Use `wp_remote_get()`, `wp_remote_post()`, or related WordPress HTTP helpers. |
| Translators Comment Wrong Style WordPress.WP.I18n.TranslatorsCommentWrongStyle | i18n | low | 14 | Use stable, literal translation strings and the plugin's correct text domain. |
| missing readme header tested missing_readme_header_tested | repo_compliance | high | 14 | Update the readme to match WordPress.org parser expectations. |
| readme parser warnings requires header ignored readme_parser_warnings_requires_header_ignored | repo_compliance | high | 14 | Update the readme to match WordPress.org parser expectations. |
| readme parser warnings requires php header ignored readme_parser_warnings_requires_php_header_ignored | repo_compliance | high | 14 | Update the readme to match WordPress.org parser expectations. |
| Alternative PHP tag found Generic.PHP.DisallowAlternativePHPTags.MaybeASPShortOpenTagFound | maintainability | medium | 13 | Normalize PHP files to standard tags, UTF-8 without BOM, and consistent line endings. |
| mysql mysqli error WordPress.DB.RestrictedFunctions.mysql_mysqli_error | maintainability | medium | 13 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| Discouraged WordPress constant usage: PLUGINDIR WordPress.WP.DiscouragedConstants.PLUGINDIRUsageFound | maintainability | medium | 13 | Replace the discouraged construct with a WordPress-friendly alternative. |
| readme invalid contributors readme_invalid_contributors | repo_compliance | high | 13 | Update the readme to match WordPress.org parser expectations. |
| Scanner exception Internal.Exception | maintainability | medium | 12 | Review the scan output and package contents, then rerun the scan. |
| mysql mysql error WordPress.DB.RestrictedFunctions.mysql_mysql_error | maintainability | medium | 12 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli connect error WordPress.DB.RestrictedFunctions.mysql_mysqli_connect_error | maintainability | medium | 12 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli real escape string WordPress.DB.RestrictedFunctions.mysql_mysqli_real_escape_string | security | critical | 12 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| file system operations pfsockopen WordPress.WP.AlternativeFunctions.file_system_operations_pfsockopen | maintainability | medium | 12 | Use the WordPress Filesystem API or tightly constrain file operations. |
| Deprecated function: wp_make_content_images_responsive WordPress.WP.DeprecatedFunctions.wp_make_content_images_responsiveFound | maintainability | medium | 12 | Replace the deprecated usage with the current WordPress API. |
| Byte order mark found Generic.Files.ByteOrderMark.Found | maintainability | medium | 11 | Normalize PHP files to standard tags, UTF-8 without BOM, and consistent line endings. |
| mysql mysqli close WordPress.DB.RestrictedFunctions.mysql_mysqli_close | maintainability | medium | 11 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli fetch array WordPress.DB.RestrictedFunctions.mysql_mysqli_fetch_array | maintainability | medium | 11 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli num rows WordPress.DB.RestrictedFunctions.mysql_mysqli_num_rows | maintainability | medium | 11 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| curl curl multi info read WordPress.WP.AlternativeFunctions.curl_curl_multi_info_read | maintainability | medium | 11 | Use `wp_remote_get()`, `wp_remote_post()`, or related WordPress HTTP helpers. |
| Alternative PHP tag found Generic.PHP.DisallowAlternativePHPTags.MaybeASPOpenTagFound | maintainability | medium | 10 | Normalize PHP files to standard tags, UTF-8 without BOM, and consistent line endings. |
| Like Without Wildcards WordPress.DB.PreparedSQLPlaceholders.LikeWithoutWildcards | security | critical | 10 | Use valid `$wpdb->prepare()` placeholders and pass replacements separately. |
| Quoted Dynamic Placeholder Generation WordPress.DB.PreparedSQLPlaceholders.QuotedDynamicPlaceholderGeneration | security | critical | 10 | Use valid `$wpdb->prepare()` placeholders and pass replacements separately. |
| mysql mysql connect WordPress.DB.RestrictedFunctions.mysql_mysql_connect | maintainability | medium | 10 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysql select db WordPress.DB.RestrictedFunctions.mysql_mysql_select_db | maintainability | medium | 10 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli fetch assoc WordPress.DB.RestrictedFunctions.mysql_mysqli_fetch_assoc | maintainability | medium | 10 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| curl curl file create WordPress.WP.AlternativeFunctions.curl_curl_file_create | maintainability | medium | 10 | Use `wp_remote_get()`, `wp_remote_post()`, or related WordPress HTTP helpers. |
| Deprecated function: get_currentuserinfo WordPress.WP.DeprecatedFunctions.get_currentuserinfoFound | maintainability | medium | 10 | Replace the deprecated usage with the current WordPress API. |
| Deprecated function: like_escape WordPress.WP.DeprecatedFunctions.like_escapeFound | security | critical | 10 | Replace the deprecated usage with the current WordPress API. |
| readme parser warnings tested header ignored readme_parser_warnings_tested_header_ignored | repo_compliance | high | 10 | Update the readme to match WordPress.org parser expectations. |
| mysql mysql close WordPress.DB.RestrictedFunctions.mysql_mysql_close | maintainability | medium | 9 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysql free result WordPress.DB.RestrictedFunctions.mysql_mysql_free_result | maintainability | medium | 9 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysql num rows WordPress.DB.RestrictedFunctions.mysql_mysql_num_rows | maintainability | medium | 9 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysql real escape string WordPress.DB.RestrictedFunctions.mysql_mysql_real_escape_string | security | critical | 9 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli errno WordPress.DB.RestrictedFunctions.mysql_mysqli_errno | maintainability | medium | 9 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| Deprecated class: services_json WordPress.WP.DeprecatedClasses.services_jsonFound | maintainability | medium | 9 | Replace the deprecated usage with the current WordPress API. |
| Deprecated parameter: get_site_option parameter 3 WordPress.WP.DeprecatedParameters.Get_site_optionParam3Found | maintainability | medium | 9 | Replace the deprecated usage with the current WordPress API. |
| Deprecated parameter: wp_new_user_notification parameter 2 WordPress.WP.DeprecatedParameters.Wp_new_user_notificationParam2Found | maintainability | medium | 9 | Replace the deprecated usage with the current WordPress API. |
| Mismatched Placeholders WordPress.WP.I18n.MismatchedPlaceholders | i18n | low | 9 | Use stable, literal translation strings and the plugin's correct text domain. |
| case sensitive files case_sensitive_files | maintainability | medium | 9 | Review the affected code and replace the pattern with the WordPress-recommended approach. |
| mysql mysql fetch assoc WordPress.DB.RestrictedFunctions.mysql_mysql_fetch_assoc | maintainability | medium | 8 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli fetch row WordPress.DB.RestrictedFunctions.mysql_mysqli_fetch_row | maintainability | medium | 8 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli init WordPress.DB.RestrictedFunctions.mysql_mysqli_init | maintainability | medium | 8 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| error log debug print backtrace WordPress.PHP.DevelopmentFunctions.error_log_debug_print_backtrace | maintainability | medium | 8 | Remove production debug output or guard it behind safe debug-only conditions. |
| Deprecated function: attribute_escape WordPress.WP.DeprecatedFunctions.attribute_escapeFound | security | critical | 8 | Replace the deprecated usage with the current WordPress API. |
| Deprecated parameter value found WordPress.WP.DeprecatedParameterValues.Found | maintainability | medium | 8 | Replace the deprecated usage with the current WordPress API. |
| Deprecated parameter: term_description parameter 2 WordPress.WP.DeprecatedParameters.Term_descriptionParam2Found | maintainability | medium | 8 | Replace the deprecated usage with the current WordPress API. |
| Interpolated Variable Plural WordPress.WP.I18n.InterpolatedVariablePlural | i18n | low | 8 | Use stable, literal translation strings and the plugin's correct text domain. |
| plugin header invalid requires wp plugin_header_invalid_requires_wp | repo_compliance | high | 8 | Correct the plugin header metadata in the main plugin file. |
| mysql mysql errno WordPress.DB.RestrictedFunctions.mysql_mysql_errno | maintainability | medium | 7 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli report WordPress.DB.RestrictedFunctions.mysql_mysqli_report | maintainability | medium | 7 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| file system operations chgrp WordPress.WP.AlternativeFunctions.file_system_operations_chgrp | maintainability | medium | 7 | Use the WordPress Filesystem API or tightly constrain file operations. |
| file system operations chown WordPress.WP.AlternativeFunctions.file_system_operations_chown | maintainability | medium | 7 | Use the WordPress Filesystem API or tightly constrain file operations. |
| Deprecated class: services_json_error WordPress.WP.DeprecatedClasses.services_json_errorFound | maintainability | medium | 7 | Replace the deprecated usage with the current WordPress API. |
| Deprecated class: wp_http_curl WordPress.WP.DeprecatedClasses.wp_http_curlFound | maintainability | medium | 7 | Replace the deprecated usage with the current WordPress API. |
| Deprecated function: add_contextual_help WordPress.WP.DeprecatedFunctions.add_contextual_helpFound | maintainability | medium | 7 | Replace the deprecated usage with the current WordPress API. |
| Deprecated function: get_theme WordPress.WP.DeprecatedFunctions.get_themeFound | maintainability | medium | 7 | Replace the deprecated usage with the current WordPress API. |
| Deprecated function: image_resize WordPress.WP.DeprecatedFunctions.image_resizeFound | maintainability | medium | 7 | Replace the deprecated usage with the current WordPress API. |
| Unescaped Literal WordPress.DB.PreparedSQLPlaceholders.UnescapedLiteral | security | critical | 6 | Use valid `$wpdb->prepare()` placeholders and pass replacements separately. |
| mysql mysql fetch array WordPress.DB.RestrictedFunctions.mysql_mysql_fetch_array | maintainability | medium | 6 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysql fetch row WordPress.DB.RestrictedFunctions.mysql_mysql_fetch_row | maintainability | medium | 6 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysql set charset WordPress.DB.RestrictedFunctions.mysql_mysql_set_charset | maintainability | medium | 6 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli affected rows WordPress.DB.RestrictedFunctions.mysql_mysqli_affected_rows | maintainability | medium | 6 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli connect errno WordPress.DB.RestrictedFunctions.mysql_mysqli_connect_errno | maintainability | medium | 6 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli fetch object WordPress.DB.RestrictedFunctions.mysql_mysqli_fetch_object | maintainability | medium | 6 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli get client info WordPress.DB.RestrictedFunctions.mysql_mysqli_get_client_info | maintainability | medium | 6 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli insert id WordPress.DB.RestrictedFunctions.mysql_mysqli_insert_id | maintainability | medium | 6 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| Deprecated function: add_option_whitelist WordPress.WP.DeprecatedFunctions.add_option_whitelistFound | maintainability | medium | 6 | Replace the deprecated usage with the current WordPress API. |
| Deprecated function: current_user_can_for_blog WordPress.WP.DeprecatedFunctions.current_user_can_for_blogFound | maintainability | medium | 6 | Replace the deprecated usage with the current WordPress API. |
| Deprecated function: get_themes WordPress.WP.DeprecatedFunctions.get_themesFound | maintainability | medium | 6 | Replace the deprecated usage with the current WordPress API. |
| Deprecated function: get_userdatabylogin WordPress.WP.DeprecatedFunctions.get_userdatabyloginFound | maintainability | medium | 6 | Replace the deprecated usage with the current WordPress API. |
| Deprecated function: wp_specialchars WordPress.WP.DeprecatedFunctions.wp_specialcharsFound | maintainability | medium | 6 | Replace the deprecated usage with the current WordPress API. |
| Interpolated Variable Single WordPress.WP.I18n.InterpolatedVariableSingle | i18n | low | 6 | Use stable, literal translation strings and the plugin's correct text domain. |
| mysql mysql num fields WordPress.DB.RestrictedFunctions.mysql_mysql_num_fields | maintainability | medium | 5 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysql unbuffered query WordPress.DB.RestrictedFunctions.mysql_mysql_unbuffered_query | maintainability | medium | 5 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli real connect WordPress.DB.RestrictedFunctions.mysql_mysqli_real_connect | maintainability | medium | 5 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli set charset WordPress.DB.RestrictedFunctions.mysql_mysqli_set_charset | maintainability | medium | 5 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| Deprecated function: wp_htmledit_pre WordPress.WP.DeprecatedFunctions.wp_htmledit_preFound | maintainability | medium | 5 | Replace the deprecated usage with the current WordPress API. |
| Deprecated function: wp_no_robots WordPress.WP.DeprecatedFunctions.wp_no_robotsFound | maintainability | medium | 5 | Replace the deprecated usage with the current WordPress API. |
| plugin header invalid requires php plugin_header_invalid_requires_php | repo_compliance | high | 5 | Correct the plugin header metadata in the main plugin file. |
| mysql mysql affected rows WordPress.DB.RestrictedFunctions.mysql_mysql_affected_rows | maintainability | medium | 4 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysql fetch field WordPress.DB.RestrictedFunctions.mysql_mysql_fetch_field | maintainability | medium | 4 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysql get client info WordPress.DB.RestrictedFunctions.mysql_mysql_get_client_info | maintainability | medium | 4 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli next result WordPress.DB.RestrictedFunctions.mysql_mysqli_next_result | maintainability | medium | 4 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli select db WordPress.DB.RestrictedFunctions.mysql_mysqli_select_db | maintainability | medium | 4 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| curl curl strerror WordPress.WP.AlternativeFunctions.curl_curl_strerror | maintainability | medium | 4 | Use `wp_remote_get()`, `wp_remote_post()`, or related WordPress HTTP helpers. |
| Deprecated function: _inject_theme_attribute_in_block_template_content WordPress.WP.DeprecatedFunctions._inject_theme_attribute_in_block_template_contentFound | maintainability | medium | 4 | Replace the deprecated usage with the current WordPress API. |
| Deprecated function: get_user_by_email WordPress.WP.DeprecatedFunctions.get_user_by_emailFound | maintainability | medium | 4 | Replace the deprecated usage with the current WordPress API. |
| Deprecated function: wp_blacklist_check WordPress.WP.DeprecatedFunctions.wp_blacklist_checkFound | maintainability | medium | 4 | Replace the deprecated usage with the current WordPress API. |
| Deprecated function: wp_init_targeted_link_rel_filters WordPress.WP.DeprecatedFunctions.wp_init_targeted_link_rel_filtersFound | maintainability | medium | 4 | Replace the deprecated usage with the current WordPress API. |
| Deprecated function: wp_remove_targeted_link_rel_filters WordPress.WP.DeprecatedFunctions.wp_remove_targeted_link_rel_filtersFound | maintainability | medium | 4 | Replace the deprecated usage with the current WordPress API. |
| Deprecated function: wp_tiny_mce WordPress.WP.DeprecatedFunctions.wp_tiny_mceFound | maintainability | medium | 4 | Replace the deprecated usage with the current WordPress API. |
| Obfuscated code detected obfuscated_code_detected | supply_chain | critical | 4 | Ship readable source code and remove obfuscation. |
| Missing Replacements WordPress.DB.PreparedSQLPlaceholders.MissingReplacements | security | critical | 3 | Use valid `$wpdb->prepare()` placeholders and pass replacements separately. |
| mysql mysql data seek WordPress.DB.RestrictedFunctions.mysql_mysql_data_seek | maintainability | medium | 3 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysql field flags WordPress.DB.RestrictedFunctions.mysql_mysql_field_flags | maintainability | medium | 3 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysql insert id WordPress.DB.RestrictedFunctions.mysql_mysql_insert_id | maintainability | medium | 3 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysql result WordPress.DB.RestrictedFunctions.mysql_mysql_result | maintainability | medium | 3 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli get client version WordPress.DB.RestrictedFunctions.mysql_mysqli_get_client_version | maintainability | medium | 3 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli more results WordPress.DB.RestrictedFunctions.mysql_mysqli_more_results | maintainability | medium | 3 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli num fields WordPress.DB.RestrictedFunctions.mysql_mysqli_num_fields | maintainability | medium | 3 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli prepare WordPress.DB.RestrictedFunctions.mysql_mysqli_prepare | maintainability | medium | 3 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli store result WordPress.DB.RestrictedFunctions.mysql_mysqli_store_result | maintainability | medium | 3 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| curl curl copy handle WordPress.WP.AlternativeFunctions.curl_curl_copy_handle | maintainability | medium | 3 | Use `wp_remote_get()`, `wp_remote_post()`, or related WordPress HTTP helpers. |
| curl curl escape WordPress.WP.AlternativeFunctions.curl_curl_escape | security | critical | 3 | Use `wp_remote_get()`, `wp_remote_post()`, or related WordPress HTTP helpers. |
| curl curl unescape WordPress.WP.AlternativeFunctions.curl_curl_unescape | security | critical | 3 | Use `wp_remote_get()`, `wp_remote_post()`, or related WordPress HTTP helpers. |
| Deprecated function: clean_url WordPress.WP.DeprecatedFunctions.clean_urlFound | maintainability | medium | 3 | Replace the deprecated usage with the current WordPress API. |
| Deprecated function: get_blog_list WordPress.WP.DeprecatedFunctions.get_blog_listFound | maintainability | medium | 3 | Replace the deprecated usage with the current WordPress API. |
| Deprecated function: get_settings WordPress.WP.DeprecatedFunctions.get_settingsFound | maintainability | medium | 3 | Replace the deprecated usage with the current WordPress API. |
| Deprecated function: get_users_of_blog WordPress.WP.DeprecatedFunctions.get_users_of_blogFound | maintainability | medium | 3 | Replace the deprecated usage with the current WordPress API. |
| Deprecated function: the_editor WordPress.WP.DeprecatedFunctions.the_editorFound | maintainability | medium | 3 | Replace the deprecated usage with the current WordPress API. |
| Discouraged WordPress constant usage: MUPLUGINDIR WordPress.WP.DiscouragedConstants.MUPLUGINDIRUsageFound | maintainability | medium | 3 | Replace the discouraged construct with a WordPress-friendly alternative. |
| Interpolated Variable Domain WordPress.WP.I18n.InterpolatedVariableDomain | i18n | low | 3 | Use stable, literal translation strings and the plugin's correct text domain. |
| case sensitive folders case_sensitive_folders | maintainability | medium | 3 | Review the affected code and replace the pattern with the WordPress-recommended approach. |
| phar files phar_files | maintainability | medium | 3 | Review the affected code and replace the pattern with the WordPress-recommended approach. |
| plugin header invalid plugin description plugin_header_invalid_plugin_description | repo_compliance | high | 3 | Correct the plugin header metadata in the main plugin file. |
| Missing required parameter: parse_str_result PluginCheck.CodeAnalysis.RequiredFunctionParameters.parse_str_resultMissing | maintainability | medium | 2 | Review the affected code and replace the pattern with the WordPress-recommended approach. |
| mysql mysql fetch object WordPress.DB.RestrictedFunctions.mysql_mysql_fetch_object | maintainability | medium | 2 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysql field name WordPress.DB.RestrictedFunctions.mysql_mysql_field_name | maintainability | medium | 2 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysql info WordPress.DB.RestrictedFunctions.mysql_mysql_info | maintainability | medium | 2 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysql pconnect WordPress.DB.RestrictedFunctions.mysql_mysql_pconnect | maintainability | medium | 2 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysql ping WordPress.DB.RestrictedFunctions.mysql_mysql_ping | maintainability | medium | 2 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli fetch field direct WordPress.DB.RestrictedFunctions.mysql_mysqli_fetch_field_direct | maintainability | medium | 2 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli fetch fields WordPress.DB.RestrictedFunctions.mysql_mysqli_fetch_fields | maintainability | medium | 2 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli multi query WordPress.DB.RestrictedFunctions.mysql_mysqli_multi_query | maintainability | medium | 2 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli ssl set WordPress.DB.RestrictedFunctions.mysql_mysqli_ssl_set | maintainability | medium | 2 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli stmt bind param WordPress.DB.RestrictedFunctions.mysql_mysqli_stmt_bind_param | maintainability | medium | 2 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli stmt execute WordPress.DB.RestrictedFunctions.mysql_mysqli_stmt_execute | maintainability | medium | 2 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| curl curl pause WordPress.WP.AlternativeFunctions.curl_curl_pause | maintainability | medium | 2 | Use `wp_remote_get()`, `wp_remote_post()`, or related WordPress HTTP helpers. |
| Deprecated function: is_taxonomy WordPress.WP.DeprecatedFunctions.is_taxonomyFound | maintainability | medium | 2 | Replace the deprecated usage with the current WordPress API. |
| Deprecated function: js_escape WordPress.WP.DeprecatedFunctions.js_escapeFound | security | critical | 2 | Replace the deprecated usage with the current WordPress API. |
| Deprecated function: register_sidebar_widget WordPress.WP.DeprecatedFunctions.register_sidebar_widgetFound | maintainability | medium | 2 | Replace the deprecated usage with the current WordPress API. |
| Deprecated function: register_widget_control WordPress.WP.DeprecatedFunctions.register_widget_controlFound | maintainability | medium | 2 | Replace the deprecated usage with the current WordPress API. |
| Deprecated function: wp_get_http WordPress.WP.DeprecatedFunctions.wp_get_httpFound | maintainability | medium | 2 | Replace the deprecated usage with the current WordPress API. |
| Deprecated function: wp_get_loading_attr_default WordPress.WP.DeprecatedFunctions.wp_get_loading_attr_defaultFound | maintainability | medium | 2 | Replace the deprecated usage with the current WordPress API. |
| Deprecated function: wp_richedit_pre WordPress.WP.DeprecatedFunctions.wp_richedit_preFound | maintainability | medium | 2 | Replace the deprecated usage with the current WordPress API. |
| Deprecated function: wp_targeted_link_rel WordPress.WP.DeprecatedFunctions.wp_targeted_link_relFound | maintainability | medium | 2 | Replace the deprecated usage with the current WordPress API. |
| Deprecated function: wp_update_core WordPress.WP.DeprecatedFunctions.wp_update_coreFound | maintainability | medium | 2 | Replace the deprecated usage with the current WordPress API. |
| Deprecated parameter: register_meta parameter 4 WordPress.WP.DeprecatedParameters.Register_metaParam4Found | maintainability | medium | 2 | Replace the deprecated usage with the current WordPress API. |
| Deprecated parameter: unregister_setting parameter 3 WordPress.WP.DeprecatedParameters.Unregister_settingParam3Found | maintainability | medium | 2 | Replace the deprecated usage with the current WordPress API. |
| Interpolated Variable Singular WordPress.WP.I18n.InterpolatedVariableSingular | i18n | low | 2 | Use stable, literal translation strings and the plugin's correct text domain. |
| Unordered Placeholders Singular WordPress.WP.I18n.UnorderedPlaceholdersSingular | i18n | low | 2 | Use stable, literal translation strings and the plugin's correct text domain. |
| nonexistent tested upto header nonexistent_tested_upto_header | repo_compliance | high | 2 | Align the plugin header, readme, and release package metadata. |
| register setting Invalid PluginCheck.CodeAnalysis.SettingSanitization.register_settingInvalid | security | critical | 1 | Review the affected code path and apply the WordPress security API for that context. |
| Quoted Identifier Placeholder WordPress.DB.PreparedSQLPlaceholders.QuotedIdentifierPlaceholder | security | critical | 1 | Use valid `$wpdb->prepare()` placeholders and pass replacements separately. |
| mysql My SQLi WordPress.DB.RestrictedClasses.mysql__MySQLi | maintainability | medium | 1 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysql create db WordPress.DB.RestrictedFunctions.mysql_mysql_create_db | maintainability | medium | 1 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysql db name WordPress.DB.RestrictedFunctions.mysql_mysql_db_name | maintainability | medium | 1 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysql db query WordPress.DB.RestrictedFunctions.mysql_mysql_db_query | maintainability | medium | 1 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysql drop db WordPress.DB.RestrictedFunctions.mysql_mysql_drop_db | maintainability | medium | 1 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysql fetch lengths WordPress.DB.RestrictedFunctions.mysql_mysql_fetch_lengths | maintainability | medium | 1 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysql field len WordPress.DB.RestrictedFunctions.mysql_mysql_field_len | maintainability | medium | 1 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysql field seek WordPress.DB.RestrictedFunctions.mysql_mysql_field_seek | maintainability | medium | 1 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysql field table WordPress.DB.RestrictedFunctions.mysql_mysql_field_table | maintainability | medium | 1 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysql get host info WordPress.DB.RestrictedFunctions.mysql_mysql_get_host_info | maintainability | medium | 1 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysql get proto info WordPress.DB.RestrictedFunctions.mysql_mysql_get_proto_info | maintainability | medium | 1 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysql list dbs WordPress.DB.RestrictedFunctions.mysql_mysql_list_dbs | maintainability | medium | 1 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysql list fields WordPress.DB.RestrictedFunctions.mysql_mysql_list_fields | maintainability | medium | 1 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysql list processes WordPress.DB.RestrictedFunctions.mysql_mysql_list_processes | maintainability | medium | 1 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysql list tables WordPress.DB.RestrictedFunctions.mysql_mysql_list_tables | maintainability | medium | 1 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysql stat WordPress.DB.RestrictedFunctions.mysql_mysql_stat | maintainability | medium | 1 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysql tablename WordPress.DB.RestrictedFunctions.mysql_mysql_tablename | maintainability | medium | 1 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysql thread id WordPress.DB.RestrictedFunctions.mysql_mysql_thread_id | maintainability | medium | 1 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli autocommit WordPress.DB.RestrictedFunctions.mysql_mysqli_autocommit | maintainability | medium | 1 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli character set name WordPress.DB.RestrictedFunctions.mysql_mysqli_character_set_name | maintainability | medium | 1 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli commit WordPress.DB.RestrictedFunctions.mysql_mysqli_commit | maintainability | medium | 1 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli data seek WordPress.DB.RestrictedFunctions.mysql_mysqli_data_seek | maintainability | medium | 1 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli driver WordPress.DB.RestrictedFunctions.mysql_mysqli_driver | maintainability | medium | 1 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli fetch field WordPress.DB.RestrictedFunctions.mysql_mysqli_fetch_field | maintainability | medium | 1 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli get cache stats WordPress.DB.RestrictedFunctions.mysql_mysqli_get_cache_stats | maintainability | medium | 1 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli get client stats WordPress.DB.RestrictedFunctions.mysql_mysqli_get_client_stats | maintainability | medium | 1 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli options WordPress.DB.RestrictedFunctions.mysql_mysqli_options | maintainability | medium | 1 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli ping WordPress.DB.RestrictedFunctions.mysql_mysqli_ping | maintainability | medium | 1 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli real query WordPress.DB.RestrictedFunctions.mysql_mysqli_real_query | maintainability | medium | 1 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli stmt close WordPress.DB.RestrictedFunctions.mysql_mysqli_stmt_close | maintainability | medium | 1 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli stmt get result WordPress.DB.RestrictedFunctions.mysql_mysqli_stmt_get_result | maintainability | medium | 1 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqlnd ms dump servers WordPress.DB.RestrictedFunctions.mysql_mysqlnd_ms_dump_servers | maintainability | medium | 1 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqlnd ms fabric select global WordPress.DB.RestrictedFunctions.mysql_mysqlnd_ms_fabric_select_global | maintainability | medium | 1 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqlnd ms fabric select shard WordPress.DB.RestrictedFunctions.mysql_mysqlnd_ms_fabric_select_shard | maintainability | medium | 1 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqlnd ms get last used connection WordPress.DB.RestrictedFunctions.mysql_mysqlnd_ms_get_last_used_connection | maintainability | medium | 1 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqlnd qc clear cache WordPress.DB.RestrictedFunctions.mysql_mysqlnd_qc_clear_cache | maintainability | medium | 1 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqlnd qc set is select WordPress.DB.RestrictedFunctions.mysql_mysqlnd_qc_set_is_select | maintainability | medium | 1 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqlnd qc set storage handler WordPress.DB.RestrictedFunctions.mysql_mysqlnd_qc_set_storage_handler | maintainability | medium | 1 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| curl curl multi errno WordPress.WP.AlternativeFunctions.curl_curl_multi_errno | maintainability | medium | 1 | Use `wp_remote_get()`, `wp_remote_post()`, or related WordPress HTTP helpers. |
| curl curl multi setopt WordPress.WP.AlternativeFunctions.curl_curl_multi_setopt | maintainability | medium | 1 | Use `wp_remote_get()`, `wp_remote_post()`, or related WordPress HTTP helpers. |
| curl curl multi strerror WordPress.WP.AlternativeFunctions.curl_curl_multi_strerror | maintainability | medium | 1 | Use `wp_remote_get()`, `wp_remote_post()`, or related WordPress HTTP helpers. |
| curl curl share errno WordPress.WP.AlternativeFunctions.curl_curl_share_errno | maintainability | medium | 1 | Use `wp_remote_get()`, `wp_remote_post()`, or related WordPress HTTP helpers. |
| curl curl share setopt WordPress.WP.AlternativeFunctions.curl_curl_share_setopt | maintainability | medium | 1 | Use `wp_remote_get()`, `wp_remote_post()`, or related WordPress HTTP helpers. |
| Deprecated class: wp_http_streams WordPress.WP.DeprecatedClasses.wp_http_streamsFound | maintainability | medium | 1 | Replace the deprecated usage with the current WordPress API. |
| Deprecated function: _get_path_to_translation WordPress.WP.DeprecatedFunctions._get_path_to_translationFound | maintainability | medium | 1 | Replace the deprecated usage with the current WordPress API. |
| Deprecated function: _get_path_to_translation_from_lang_dir WordPress.WP.DeprecatedFunctions._get_path_to_translation_from_lang_dirFound | maintainability | medium | 1 | Replace the deprecated usage with the current WordPress API. |
| Deprecated function: _rotate_image_resource WordPress.WP.DeprecatedFunctions._rotate_image_resourceFound | maintainability | medium | 1 | Replace the deprecated usage with the current WordPress API. |
| Deprecated function: add_custom_background WordPress.WP.DeprecatedFunctions.add_custom_backgroundFound | maintainability | medium | 1 | Replace the deprecated usage with the current WordPress API. |
| Deprecated function: add_object_page WordPress.WP.DeprecatedFunctions.add_object_pageFound | maintainability | medium | 1 | Replace the deprecated usage with the current WordPress API. |
| Deprecated function: add_utility_page WordPress.WP.DeprecatedFunctions.add_utility_pageFound | maintainability | medium | 1 | Replace the deprecated usage with the current WordPress API. |
| Deprecated function: get_alloptions WordPress.WP.DeprecatedFunctions.get_alloptionsFound | maintainability | medium | 1 | Replace the deprecated usage with the current WordPress API. |
| Deprecated function: get_author_link WordPress.WP.DeprecatedFunctions.get_author_linkFound | maintainability | medium | 1 | Replace the deprecated usage with the current WordPress API. |
| Deprecated function: get_post_to_edit WordPress.WP.DeprecatedFunctions.get_post_to_editFound | maintainability | medium | 1 | Replace the deprecated usage with the current WordPress API. |
| Deprecated function: get_usermeta WordPress.WP.DeprecatedFunctions.get_usermetaFound | maintainability | medium | 1 | Replace the deprecated usage with the current WordPress API. |
| Deprecated function: global_terms_enabled WordPress.WP.DeprecatedFunctions.global_terms_enabledFound | maintainability | medium | 1 | Replace the deprecated usage with the current WordPress API. |
| Deprecated function: is_site_admin WordPress.WP.DeprecatedFunctions.is_site_adminFound | maintainability | medium | 1 | Replace the deprecated usage with the current WordPress API. |
| Deprecated function: is_term WordPress.WP.DeprecatedFunctions.is_termFound | maintainability | medium | 1 | Replace the deprecated usage with the current WordPress API. |
| Deprecated function: sanitize_user_object WordPress.WP.DeprecatedFunctions.sanitize_user_objectFound | security | critical | 1 | Replace the deprecated usage with the current WordPress API. |
| Deprecated function: translate_with_context WordPress.WP.DeprecatedFunctions.translate_with_contextFound | maintainability | medium | 1 | Replace the deprecated usage with the current WordPress API. |
| Deprecated function: update_user_status WordPress.WP.DeprecatedFunctions.update_user_statusFound | maintainability | medium | 1 | Replace the deprecated usage with the current WordPress API. |
| Deprecated function: update_usermeta WordPress.WP.DeprecatedFunctions.update_usermetaFound | maintainability | medium | 1 | Replace the deprecated usage with the current WordPress API. |
| Deprecated function: user_pass_ok WordPress.WP.DeprecatedFunctions.user_pass_okFound | maintainability | medium | 1 | Replace the deprecated usage with the current WordPress API. |
| Deprecated function: wp_admin_bar_header WordPress.WP.DeprecatedFunctions.wp_admin_bar_headerFound | repo_compliance | high | 1 | Replace the deprecated usage with the current WordPress API. |
| Deprecated function: wp_cache_reset WordPress.WP.DeprecatedFunctions.wp_cache_resetFound | maintainability | medium | 1 | Replace the deprecated usage with the current WordPress API. |
| Deprecated function: wp_get_duotone_filter_svg WordPress.WP.DeprecatedFunctions.wp_get_duotone_filter_svgFound | maintainability | medium | 1 | Replace the deprecated usage with the current WordPress API. |
| Deprecated function: wp_get_user_request_data WordPress.WP.DeprecatedFunctions.wp_get_user_request_dataFound | maintainability | medium | 1 | Replace the deprecated usage with the current WordPress API. |
| Deprecated function: wp_img_tag_add_loading_attr WordPress.WP.DeprecatedFunctions.wp_img_tag_add_loading_attrFound | maintainability | medium | 1 | Replace the deprecated usage with the current WordPress API. |
| Deprecated function: wp_kses_js_entities WordPress.WP.DeprecatedFunctions.wp_kses_js_entitiesFound | maintainability | medium | 1 | Replace the deprecated usage with the current WordPress API. |
| Deprecated function: wp_load_image WordPress.WP.DeprecatedFunctions.wp_load_imageFound | maintainability | medium | 1 | Replace the deprecated usage with the current WordPress API. |
| Deprecated function: wp_preload_dialogs WordPress.WP.DeprecatedFunctions.wp_preload_dialogsFound | maintainability | medium | 1 | Replace the deprecated usage with the current WordPress API. |
| Deprecated parameter: get_delete_post_link parameter 2 WordPress.WP.DeprecatedParameters.Get_delete_post_linkParam2Found | maintainability | medium | 1 | Replace the deprecated usage with the current WordPress API. |
| Deprecated parameter: get_the_author parameter 1 WordPress.WP.DeprecatedParameters.Get_the_authorParam1Found | maintainability | medium | 1 | Replace the deprecated usage with the current WordPress API. |
| Deprecated parameter: get_user_option parameter 3 WordPress.WP.DeprecatedParameters.Get_user_optionParam3Found | maintainability | medium | 1 | Replace the deprecated usage with the current WordPress API. |
| Deprecated parameter: get_wp_title_rss parameter 1 WordPress.WP.DeprecatedParameters.Get_wp_title_rssParam1Found | maintainability | medium | 1 | Replace the deprecated usage with the current WordPress API. |
| Deprecated parameter: switch_to_blog parameter 2 WordPress.WP.DeprecatedParameters.Switch_to_blogParam2Found | maintainability | medium | 1 | Replace the deprecated usage with the current WordPress API. |
| Deprecated parameter: wp_install parameter 5 WordPress.WP.DeprecatedParameters.Wp_installParam5Found | maintainability | medium | 1 | Replace the deprecated usage with the current WordPress API. |
| Deprecated parameter: _wp_post_revision_fields parameter 2 WordPress.WP.DeprecatedParameters._wp_post_revision_fieldsParam2Found | maintainability | medium | 1 | Replace the deprecated usage with the current WordPress API. |
| Discouraged WordPress constant declaration: HEADER_IMAGE_HEIGHT WordPress.WP.DiscouragedConstants.HEADER_IMAGE_HEIGHTDeclarationFound | repo_compliance | high | 1 | Replace the discouraged construct with a WordPress-friendly alternative. |
| Discouraged WordPress constant usage: HEADER_IMAGE_HEIGHT WordPress.WP.DiscouragedConstants.HEADER_IMAGE_HEIGHTUsageFound | repo_compliance | high | 1 | Replace the discouraged construct with a WordPress-friendly alternative. |
| Discouraged WordPress constant declaration: HEADER_IMAGE_WIDTH WordPress.WP.DiscouragedConstants.HEADER_IMAGE_WIDTHDeclarationFound | repo_compliance | high | 1 | Replace the discouraged construct with a WordPress-friendly alternative. |
| Discouraged WordPress constant usage: HEADER_IMAGE_WIDTH WordPress.WP.DiscouragedConstants.HEADER_IMAGE_WIDTHUsageFound | repo_compliance | high | 1 | Replace the discouraged construct with a WordPress-friendly alternative. |
| Discouraged WordPress constant declaration: HEADER_TEXTCOLOR WordPress.WP.DiscouragedConstants.HEADER_TEXTCOLORDeclarationFound | repo_compliance | high | 1 | Replace the discouraged construct with a WordPress-friendly alternative. |
| Discouraged WordPress constant usage: HEADER_TEXTCOLOR WordPress.WP.DiscouragedConstants.HEADER_TEXTCOLORUsageFound | repo_compliance | high | 1 | Replace the discouraged construct with a WordPress-friendly alternative. |
| Discouraged WordPress constant declaration: MUPLUGINDIR WordPress.WP.DiscouragedConstants.MUPLUGINDIRDeclarationFound | maintainability | medium | 1 | Replace the discouraged construct with a WordPress-friendly alternative. |
| Discouraged WordPress constant declaration: PLUGINDIR WordPress.WP.DiscouragedConstants.PLUGINDIRDeclarationFound | maintainability | medium | 1 | Replace the discouraged construct with a WordPress-friendly alternative. |
| Mixed Ordered Placeholders Plural WordPress.WP.I18n.MixedOrderedPlaceholdersPlural | i18n | low | 1 | Use stable, literal translation strings and the plugin's correct text domain. |
| empty plugin name empty_plugin_name | maintainability | medium | 1 | Review the affected code and replace the pattern with the WordPress-recommended approach. |
| no plugin readme no_plugin_readme | repo_compliance | high | 1 | Update the readme to match WordPress.org parser expectations. |
| plugin header missing plugin description plugin_header_missing_plugin_description | repo_compliance | high | 1 | Correct the plugin header metadata in the main plugin file. |
| plugin header missing plugin version plugin_header_missing_plugin_version | repo_compliance | high | 1 | Correct the plugin header metadata in the main plugin file. |
| readme invalid donate link domain readme_invalid_donate_link_domain | repo_compliance | high | 1 | Update the readme to match WordPress.org parser expectations. |
| readme parser warnings trimmed section faq readme_parser_warnings_trimmed_section_faq | repo_compliance | high | 1 | Update the readme to match WordPress.org parser expectations. |
| readme parser warnings trimmed section installation readme_parser_warnings_trimmed_section_installation | repo_compliance | high | 1 | Update the readme to match WordPress.org parser expectations. |