3DPrint Lite

A plugin for selling 3D printing services.

v2.1.4 · fuzzoid · 700 installs · 96% rating
Score: 25
Errors: 175
Warnings: 1,029
Change: +0

Category Scores

Security: 0
Repo: 94
Performance: 100
Maintainability: 6

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

1,204 findings

Security: 656 (11 issue groups)
Maintainability: 464 (12 issue groups)
I18n: 69 (2 issue groups)

Non-prefixed global variable
Category: Maintainability
Occurrences: 260
Severity: warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$admin_attachment_file".

Input is not validated
Category: Security
Occurrences: 219
Severity: warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_FILES[$name]['error'][$index]. Check that the array index exists before using it.

Request data is not unslashed
Category: Security
Occurrences: 140
Severity: warning

Sample message

$_GET['page'] not unslashed before sanitization. Use wp_unslash() or similar

Input is not sanitized
Category: Security
Occurrences: 101
Severity: warning

Sample message

Detected usage of a non-sanitized input variable: $_FILES[$name]['error'][$index]

Direct Query
Category: Maintainability
Occurrences: 74
Severity: warning

Sample message

Use of a direct database call is discouraged.

Nonce verification recommended
Category: Security
Occurrences: 62
Severity: warning

Sample message

Processing form data without nonce verification.

No Caching
Category: Maintainability
Occurrences: 57
Severity: warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

Non Singular String Literal Text
Category: I18n
Occurrences: 40
Severity: error

Sample message

The $text parameter must be a single text string literal. Found: $db_coating['name']

wp redirect wp redirect
Category: Security
Occurrences: 39
Severity: warning

Sample message

wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.

Unsafe printing function
Category: Security
Occurrences: 32
Severity: error

Sample message

All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.

Not In Footer
Category: Maintainability
Occurrences: 32
Severity: warning

Sample message

In footer ($in_footer) is not set explicitly wp_enqueue_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header.

Missing Arg Domain
Category: I18n
Occurrences: 29
Severity: error

Sample message

Missing $domain parameter in function call to esc_attr__().

Interpolated SQL is not prepared
Category: Security
Occurrences: 16
Severity: warning

Sample message

Use placeholders and $wpdb->prepare(); found interpolated variable $coating_id at "select * from {$wpdb->prefix}p3dlite_coatings where id='$coating_id'"

Missing nonce verification
Category: Security
Occurrences: 13
Severity: warning

Sample message

Processing form data without nonce verification.

wp function not compatible with requires wp
Category: Maintainability
Occurrences: 13
Severity: error

Sample message

Function "has_shortcode()" requires WordPress 3.6.0, but your plugin minimum supported version is WordPress 3.5.0.

Database parameter is not escaped
Category: Security
Occurrences: 12
Severity: error

Sample message

Unescaped parameter $query used in $wpdb->get_results()\n$query assigned unsafely at line 1059.

SQL query is not prepared
Category: Security
Occurrences: 11
Severity: error

Sample message

Use placeholders and $wpdb->prepare(); found $sql

Output is not escaped
Category: Security
Occurrences: 11
Severity: error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$_FILES['p3dlite_admin_attachment']['error'][$price_request_id]'.

file system operations fopen
Category: Maintainability
Occurrences: 6
Severity: error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen().

Schema Change
Category: Maintainability
Occurrences: 5
Severity: warning

Sample message

Attempting a database schema change is discouraged.

file system operations fclose
Category: Maintainability
Occurrences: 5
Severity: error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().

rename rename
Category: Maintainability
Occurrences: 4
Severity: error

Sample message

rename() is discouraged. Use WP_Filesystem::move() to rename a file.

file system operations mkdir
Category: Maintainability
Occurrences: 3
Severity: error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: mkdir().

library core files
Category: Maintainability
Occurrences: 3
Severity: error

Sample message

Library files that are already in the WordPress core are not permitted.

Mixed line endings
Category: Maintainability
Occurrences: 2
Severity: warning

Sample message

File has mixed line endings; this may cause incorrect results

External Connections

Potential connections found in static code analysis.

49 domains
Outbound calls: 273
External assets: 0
Incoming endpoints: 2

Notable Domains

plupload.com: 132 · outbound
wp3dprinting.com: 27 · outbound
mrdoob.com: 6 · outbound
jqueryui.com: 4 · outbound
modernizr.com: 4 · outbound

Platform / Reference Domains

github.com: 15 · platform/reference
w3.org: 9 · platform/reference
opensource.org: 3 · platform/reference
gnu.org: 1 · platform/reference

External Asset Domains

No external asset domains detected.

Incoming Endpoints

wp_ajax_nopriv_p3dlite_handle_upload · public · wp_ajax

Admin AJAX endpoints: 1
wp_ajax_p3dlite_handle_upload · authenticated · wp_ajax

Score History

First score snapshot

v2.1.4 · 25 · Latest

Findings: 1,204
Errors: 175
Warnings: 1,029
Check: 2.0.0
