update_modification_detected
update modification detected
The plugin appears to include its own update or modification mechanism.
Why It Shows Up
Plugin Check found updater code or code that modifies plugin files outside the normal WordPress.org update flow.
Why It Matters
Custom update mechanisms can bypass repository review, surprise site owners, or change executable code after installation.
How to Fix
- Remove custom updater code from WordPress.org releases when it is not needed.
- Do not rewrite plugin source files at runtime.
- If remote updates are intentional outside WordPress.org, document the trust model and protect it with strong validation.
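One way to read "strong validation" in the last item, as an added example that is not from this page or from any listed plugin: check the origin, version, digest and signature of a downloaded package before it is unpacked. The host name, the metadata layout, the function name and the idea that the Ed25519 public key ships inside the installed release are all assumptions; the code needs PHP's sodium extension.

```php
<?php
// Added example: host, metadata layout and function name are assumptions.
const EXAMPLE_UPDATE_HOST = 'updates.example.com'; // hypothetical vendor host

/** Returns true only if metadata and the downloaded file pass every check. */
function example_validate_update(array $meta, string $zip, string $installed, string $public_key): bool {
    foreach (['version', 'package_url', 'sha256', 'signature'] as $key) {
        if (!isset($meta[$key]) || !is_string($meta[$key])) {
            return false;
        }
    }
    // 1. Origin: HTTPS only, and only the pinned host.
    $url = parse_url($meta['package_url']);
    if (!is_array($url) || ($url['scheme'] ?? '') !== 'https'
        || strtolower($url['host'] ?? '') !== EXAMPLE_UPDATE_HOST) {
        return false;
    }
    // 2. No downgrade or replay of an older signed release.
    if (version_compare($meta['version'], $installed, '<=')) {
        return false;
    }
    // 3. Integrity: digest of the file on disk must match the metadata.
    $digest = hash_file('sha256', $zip);
    if ($digest === false || !hash_equals($digest, strtolower($meta['sha256']))) {
        return false;
    }
    // 4. Authenticity: Ed25519 signature over "version\ndigest" binds both.
    $sig = base64_decode($meta['signature'], true);
    if ($sig === false || strlen($sig) !== SODIUM_CRYPTO_SIGN_BYTES
        || strlen($public_key) !== SODIUM_CRYPTO_SIGN_PUBLICKEYBYTES) {
        return false;
    }
    return sodium_crypto_sign_verify_detached($sig, $meta['version'] . "\n" . $digest, $public_key);
}

// Constructed demo: throwaway key pair, temp file standing in for the ZIP.
$kp  = sodium_crypto_sign_keypair();
$zip = tempnam(sys_get_temp_dir(), 'upd');
file_put_contents($zip, 'constructed package bytes');
$sha  = hash_file('sha256', $zip);
$sig  = sodium_crypto_sign_detached("1.2.0\n" . $sha, sodium_crypto_sign_secretkey($kp));
$meta = ['version' => '1.2.0', 'sha256' => $sha, 'signature' => base64_encode($sig),
         'package_url' => 'https://updates.example.com/plugin-1.2.0.zip'];
$pk = sodium_crypto_sign_publickey($kp);
var_dump(example_validate_update($meta, $zip, '1.1.0', $pk)); // untouched package
file_put_contents($zip, 'x', FILE_APPEND);                    // simulate tampering
var_dump(example_validate_update($meta, $zip, '1.1.0', $pk)); // modified package
unlink($zip);
```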
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Top Issue | Added | Updated |
|---|---|---|---|---|---|---|---|---|
| #451 | Cookiebot by Usercentrics – Automatic Cookie Banner for GDPR/CCPA & Google Consent Mode | 49 | 148 | 176 | 100k+ | Non-prefixed global variable | ||
| #452 | Easy Property Listings | 49 | 60 | 66 | 5k+ | wp function not compatible with requires wp | ||
| #453 | Jetpack Social | 49 | 812 | 239 | 30k+ | Text Domain Mismatch | ||
| #454 | User Activity Tracking and Log | 51 | 28 | 237 | 3k+ | Non-prefixed global variable | ||
| #455 | Automattic For Agencies Client | 53 | 249 | 184 | 20k+ | Text Domain Mismatch | ||
| #456 | Connect Contact Form 7 and Mailchimp | 53 | 236 | 52 | 40k+ | Text Domain Mismatch | ||
| #457 | Themeflection Numbers – Number Counter and Animated Numbers | 55 | 224 | 73 | 3k+ | Text Domain Mismatch | ||
| #458 | WP Ultimate Review | 55 | 23 | 381 | 70k+ | Non-prefixed global variable | ||
| #459 | Elementor Beta (Developer Edition) | 57 | 36 | 32 | 30k+ | Output is not escaped | ||
| #460 | Stream | 60 | 24 | 99 | 80k+ | Direct Query | ||
| #461 | Raptive Ads | 66 | 35 | 29 | 6k+ | Text Domain Mismatch | ||
| #462 | Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popup Builder | 66 | 51 | 690 | 700k+ | Non-prefixed hook name | ||
| #463 | onOffice for WP-Websites | 67 | 5 | 507 | 1k+ | Non-prefixed global variable | ||
| #464 | Free Assets Library – Openverse/Pixabay 600+ Million Images | 68 | 44 | 36 | 4k+ | Text Domain Mismatch | ||
| #465 | Vibe AI – MCP Server for WordPress. Connect Claude, ChatGPT & Cursor | 68 | 10 | 24 | 2k+ | Non-prefixed global variable | ||
| #466 | WP Disable Automatic Updates | 69 | 14 | 8 | 2k+ | Output is not escaped | ||
| #467 | aapanel WP Toolkit | 71 | 20 | 18 | 2k+ | wp function not compatible with requires wp | ||
| #468 | Boxzilla – WordPress Popup Builder | 79 | 4 | 64 | 20k+ | Non-prefixed global variable | ||
| #469 | Klaviyo | 79 | 26 | 86 | 100k+ | Non-prefixed function | ||
| #470 | Nexter Blocks – Gutenberg Blocks, Page Builder & AI Website Builder | 79 | 95 | 733 | 10k+ | Non-prefixed global variable | ||
| #471 | BlogVault Backup & Staging | 82 | 53 | 22 | 80k+ | Missing direct file access protection | ||
| #472 | MalCare WordPress Security Plugin – Malware Scanner, Cleaner, Security Firewall | 82 | 55 | 22 | 200k+ | Missing direct file access protection | ||
| #473 | The WP Remote WordPress Plugin | 82 | 51 | 24 | 30k+ | Missing direct file access protection | ||
| #474 | Web Stories | 84 | 12 | 63 | 60k+ | Non-prefixed global variable | ||
| #475 | Simple Automatic Updates | 85 | 18 | 1 | 2k+ | Missing Translators Comment | ||
| #476 | GTM Kit – Google Tag Manager & GA4 integration | 87 | 5 | 17 | 30k+ | Missing direct file access protection | ||
| #477 | WP Auto Updater | 87 | 5 | 19 | 7k+ | Database parameter is not escaped | ||
| #478 | Content Control – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More | 88 | 20 | 116 | 40k+ | Non-prefixed hook name | ||
| #479 | Piotnet Addons For Elementor | 88 | 744 | 26 | 30k+ | Text Domain Mismatch | ||
| #480 | Three Column Screen Layout | 90 | 5 | 8 | 1k+ | Direct Query | ||
| #481 | Cloudways Site Manager | 91 | 14 | 7 | 20k+ | wp function not compatible with requires wp | ||
| #482 | Disable WordPress Update Notifications and auto-update Email Notifications | 91 | 2 | 12 | 10k+ | Nonce verification recommended | ||
| #483 | Disable Auto Update Emails and Block Updates for Plugins, WP Core, and Themes | 93 | 10 | 7 | 3k+ | Missing direct file access protection | ||
| #484 | LiveChat – Live Chat Plugin for WP Websites | 95 | 62 | 9 | 10k+ | Text Domain Mismatch | ||
| #485 | Meta Box | 96 | 5 | 16 | 500k+ | Non-prefixed hook name | ||
| #486 | Remote Website Management by Watchful | 97 | 4 | 12 | 4k+ | Direct Query | ||
| #487 | WordPress Beta Tester | 97 | 1 | 15 | 3k+ | Non-prefixed hook name | ||
| #488 | Auto Submenu | 98 | 2 | 2 | 2k+ | Missing direct file access protection | ||
| #489 | Auto Update Plugins | 98 | 1 | 6 | 1k+ | trademarked term | ||
| #490 | Auto Updates | 98 | 2 | 2 | 1k+ | Missing direct file access protection | ||
| #491 | Disable Updates for WordPress Core, Plugins and Themes | 98 | 2 | 3 | 10k+ | Missing direct file access protection | ||
| #492 | Disable All WordPress Updates | 98 | 4 | 6 | 10k+ | trademarked term | ||
| #493 | Enable CORS | 98 | 10 | 2 | 6k+ | Missing direct file access protection | ||
| #494 | Plugin Report | 99 | 5 | 1k+ | trademarked term | |||
| #495 | Update Control | 100 | 2 | 4k+ | unexpected markdown file |