library_core_files
library core files
Plugin Check reported a maintainability issue that can make the plugin harder to review, run, or update.
Why It Shows Up
The finding matches a WordPress coding-standard or Plugin Check rule for code clarity, compatibility, packaging, or API usage.
Why It Matters
Maintainability findings reduce confidence that the plugin will behave consistently across hosts, WordPress versions, and other plugins.
How to Fix
- Find the exact file and line in the raw scan output.
- Prefer WordPress APIs and standard coding patterns over custom or legacy behavior.
- If the warning is from bundled third-party code, document that separately and avoid modifying vendor files unless necessary.
References
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #301 | WPForms – AI Form Builder for WordPress – Contact Forms, Payment Forms, Survey Form, Quiz & More | 32 | 165 | 273 | 5m+ | Non-prefixed global variable | ||
| #302 | Dynamic XML Sitemaps Generator for Google | 32 | 74 | 411 | 20k+ | Non-prefixed global variable | ||
| #303 | YITH Infinite Scrolling | 32 | 387 | 1,417 | 10k+ | Non-prefixed global variable | ||
| #304 | YITH WooCommerce Badge Management | 32 | 413 | 1,446 | 10k+ | Non-prefixed global variable | ||
| #305 | YITH WooCommerce Compare | 32 | 422 | 1,508 | 100k+ | Non-prefixed global variable | ||
| #306 | YITH WooCommerce Quick View | 32 | 388 | 1,420 | 90k+ | Non-prefixed global variable | ||
| #307 | Cargus | 33 | 48 | 64 | 700 | Input is not sanitized | ||
| #308 | Nexi XPay | 33 | 496 | 277 | 6k+ | Text Domain Mismatch | ||
| #309 | CB Custom Beaver Builder Modules | 33 | 748 | 4 | 1k+ | Output is not escaped | ||
| #310 | Chartify – WordPress Chart Plugin | 33 | 76 | 411 | 3k+ | Non-prefixed global variable | ||
| #311 | Clicky Analytics | 33 | 166 | 92 | 10k+ | Output is not escaped | ||
| #312 | GDPR Cookie Compliance – Cookie Banner, Cookie Consent, Cookie Notice for CCPA, EU Cookie Law | 33 | 48 | 370 | 300k+ | Non-prefixed global variable | ||
| #313 | Mentions légales [FR] | 33 | 238 | 48 | 2k+ | Text Domain Mismatch | ||
| #314 | Flipbox – Awesomes Flip Boxes Image Overlay | 33 | 400 | 7,279 | 10k+ | Input is not validated | ||
| #315 | IP2Location Redirection | 33 | 198 | 122 | 8k+ | Output is not escaped | ||
| #316 | jQuery Manager for WordPress | 33 | 86 | 24 | 7k+ | Output is not escaped | ||
| #317 | Pastacode | 33 | 77 | 66 | 400 | Non-prefixed global variable | ||
| #318 | FancyPost – Post Blocks, Grids & Sliders for Block Editor and Elementor | 33 | 356 | 271 | 500 | Output is not escaped | ||
| #319 | Wonder Slider Lite | 33 | 273 | 187 | 8k+ | Output is not escaped | ||
| #320 | Advanced Coupons for WooCommerce Coupons & Store Credit | 34 | 74 | 214 | 20k+ | Non-prefixed global variable | ||
| #321 | Bayarcash WooCommerce | 34 | 148 | 138 | 700 | Non Singular String Literal Domain | ||
| #322 | Custom Login Page by SeedProd | 34 | 330 | 125 | 500 | Output is not escaped | ||
| #323 | Dr. Flex | 34 | 83 | 51 | 1k+ | Output is not escaped | ||
| #324 | Gitium | 34 | 149 | 57 | 400 | Output is not escaped | ||
| #325 | 우커머스 포트원 플러그인 (국내 모든 PG를 한 번에) | 34 | 36 | 181 | 600 | Nonce verification recommended | ||
| #326 | Child Theme Creator by Orbisius | 34 | 86 | 39 | 10k+ | Output is not escaped | ||
| #327 | Progress Bar & Skill Bar | 34 | 175 | 179 | 1k+ | Non Singular String Literal Domain | ||
| #328 | Search Engine Insights for Google Search Console | 34 | 174 | 113 | 2k+ | Output is not escaped | ||
| #329 | Swiftype Site Search Plugin for WordPress | 34 | 250 | 50 | 400 | Output is not escaped | ||
| #330 | Easy Mega Menu for WordPress – ThemeHunk | 34 | 480 | 256 | 1k+ | Text Domain Mismatch | ||
| #331 | Checkout Field Editor (Checkout Page Manager) for WooCommerce | 34 | 706 | 232 | 2k+ | Text Domain Mismatch | ||
| #332 | WP Custom Admin Interface | 34 | 263 | 118 | 30k+ | Unsafe printing function | ||
| #333 | WP Dynamic Keywords Injector | 34 | 44 | 205 | 1k+ | Nonce verification recommended | ||
| #334 | Thumbnail carousel slider | 34 | 277 | 143 | 2k+ | Output is not escaped | ||
| #335 | Before After Image Comparison Slider for WPBakery Page Builder | 35 | 58 | 59 | 1k+ | Output is not escaped | ||
| #336 | Blogsqode – Blog Layouts and News Post Design | 35 | 430 | 63 | 400 | Text Domain Mismatch | ||
| #337 | CatFolders – WordPress Media Library Folders & Categories | 35 | 35 | 76 | 6k+ | Direct Query | ||
| #338 | Constant Contact Forms | 35 | 41 | 89 | 20k+ | Missing nonce verification | ||
| #339 | Custom CSS and JavaScript | 35 | 38 | 91 | 10k+ | Input is not sanitized | ||
| #340 | Custom JavaScript Editor | 35 | 8 | 23 | 400 | Missing Version | ||
| #341 | Editorial Calendar | 35 | 127 | 160 | 20k+ | Output is not escaped | ||
| #342 | Embed Privacy | 35 | 10 | 41 | 10k+ | slow db query meta key | ||
| #343 | Events Calendar by FooEvents | 35 | 56 | 59 | 4k+ | Non-prefixed global variable | ||
| #344 | MapSVG – Vector maps, Image maps, Google Maps | 35 | 74 | 47 | 1k+ | Missing direct file access protection | ||
| #345 | Restaurant Menu – Food Ordering System – Table Reservation | 35 | 317 | 186 | 8k+ | Unsafe printing function | ||
| #346 | Ni WooCommerce Sales Report | 35 | 236 | 256 | 500 | Text Domain Mismatch | ||
| #347 | Order Delivery Date for WooCommerce | 35 | 2,060 | 73 | 10k+ | wp function not compatible with requires wp | ||
| #348 | Product Input Fields for WooCommerce | 35 | 18 | 84 | 4k+ | Non-prefixed function | ||
| #349 | RPS Image Gallery | 35 | 88 | 16 | 800 | Output is not escaped | ||
| #350 | s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions | 35 | 24 | 5 | 8k+ | Missing direct file access protection |