Academy LMS is the all-rounder among all WordPress LMS plugins. A complete solution, easy to use, feature-rich and provides powerful integrations.
Category Scores
Issues to Review
Prioritized issue groups from the latest Plugin Check scan
Maintainability
718
14 issue groups
Security
196
10 issue groups
I18n
10
1 issue group
WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$announcement".487
- Category
- Maintainability
- Occurrences
- 487
- Severity
- warning
Sample message
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$announcement".
ERRORMaintainabilityLocalhost URL foundDo not use Localhost/127.0.0.1/*.local in your code. Found: http://localhost/56
- Category
- Maintainability
- Occurrences
- 56
- Severity
- error
Sample message
Do not use Localhost/127.0.0.1/*.local in your code. Found: http://localhost/
WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.53
- Category
- Maintainability
- Occurrences
- 53
- Severity
- warning
Sample message
Use of a direct database call is discouraged.
WARNINGSecurityRequest data is not unslashed$_GET['attempt_id'] not unslashed before sanitization. Use wp_unslash() or similar53
- Category
- Security
- Occurrences
- 53
- Severity
- warning
Sample message
$_GET['attempt_id'] not unslashed before sanitization. Use wp_unslash() or similar
WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().52
- Category
- Maintainability
- Occurrences
- 52
- Severity
- warning
Sample message
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
ERRORSecurityException output is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$missing_keys'.47
- Category
- Security
- Occurrences
- 47
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$missing_keys'.
WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_FILES['image']24
- Category
- Security
- Occurrences
- 24
- Severity
- warning
Sample message
Detected usage of a non-sanitized input variable: $_FILES['image']
WARNINGSecurityDatabase parameter is not escapedUnescaped parameter $order_by used in $wpdb->get_results()\n$order_by assigned unsafely at line 602.21
- Category
- Security
- Occurrences
- 21
- Severity
- warning
Sample message
Unescaped parameter $order_by used in $wpdb->get_results()\n$order_by assigned unsafely at line 602.
WARNINGSecurityInput is not validatedDetected usage of a possibly undefined superglobal array index: $_POST['academy_rating']. Check that the array index exists before using it.17
- Category
- Security
- Occurrences
- 17
- Severity
- warning
Sample message
Detected usage of a possibly undefined superglobal array index: $_POST['academy_rating']. Check that the array index exists before using it.
ERRORMaintainabilityMissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;16
- Category
- Maintainability
- Occurrences
- 16
- Severity
- error
Sample message
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
Show 15 moreShow less
WARNINGMaintainabilityNon-prefixed hook name13
- Category
- Maintainability
- Occurrences
- 13
- Severity
- warning
Sample message
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: " academy/course_search_query_args".
WARNINGSecurityMissing nonce verification12
- Category
- Security
- Occurrences
- 12
- Severity
- warning
Sample message
Processing form data without nonce verification.
ERRORI18nMissing Translators Comment10
- Category
- I18n
- Occurrences
- 10
- Severity
- error
Sample message
A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.
WARNINGMaintainabilityDiscouraged PHP function9
- Category
- Maintainability
- Occurrences
- 9
- Severity
- warning
Sample message
wp_reset_query() is discouraged. Use wp_reset_postdata() instead.
ERRORMaintainabilitybadly named files9
- Category
- Maintainability
- Occurrences
- 9
- Severity
- error
Sample message
File and folder names must not contain spaces or special characters.
WARNINGSecurityInterpolated SQL is not prepared7
- Category
- Security
- Occurrences
- 7
- Severity
- warning
Sample message
Use placeholders and $wpdb->prepare(); found interpolated variable $ids at \t\t\tWHERE c.comment_ID IN ($ids)"
WARNINGSecurityNonce verification recommended7
- Category
- Security
- Occurrences
- 7
- Severity
- warning
Sample message
Processing form data without nonce verification.
WARNINGMaintainabilityslow db query meta key5
- Category
- Maintainability
- Occurrences
- 5
- Severity
- warning
Sample message
Detected usage of meta_key, possible slow query.
WARNINGSecurityUnfinished Prepare4
- Category
- Security
- Occurrences
- 4
- Severity
- warning
Sample message
Replacement variables found, but no valid placeholders found in the query.
WARNINGMaintainabilityslow db query meta value4
- Category
- Maintainability
- Occurrences
- 4
- Severity
- warning
Sample message
Detected usage of meta_value, possible slow query.
WARNINGMaintainabilityNon-prefixed global symbol4
- Category
- Maintainability
- Occurrences
- 4
- Severity
- warning
Sample message
The "academy/get" prefix is not a valid namespace/function/class/variable/constant prefix in PHP.
ERRORSecurityOutput is not escaped4
- Category
- Security
- Occurrences
- 4
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$error_message'.
ERRORMaintainabilityfile system operations fclose4
- Category
- Maintainability
- Occurrences
- 4
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().
ERRORMaintainabilityNot Allowed3
- Category
- Maintainability
- Occurrences
- 3
- Severity
- error
Sample message
Use of heredoc syntax (<<<) is not allowed; use standard strings or inline HTML instead
WARNINGMaintainabilitySchema Change3
- Category
- Maintainability
- Occurrences
- 3
- Severity
- warning
Sample message
Attempting a database schema change is discouraged.
External Connections
Potential connections found in static code analysis.
Outbound calls
288
External assets
1
Incoming endpoints
11
Notable Domains
Platform / Reference Domains
External Asset Domains
Incoming Endpoints
wp_ajax
Admin AJAX endpoints10
admin_post
admin_post
wp_ajax
wp_ajax
wp_ajax
wp_ajax
wp_ajax
wp_ajax
wp_ajax
wp_ajax
Score History
2 score snapshots
v3.8.2
24
Latest
- Findings
- 952
- Errors
- 162
- Warnings
- 790
- Check
- 2.0.0
v3.8.1
24
Score
- Findings
- 949
- Errors
- 162
- Warnings
- 787
- Check
- 2.0.0
| Scan | Score | Findings | Errors | Warnings | Plugin | Check |
|---|---|---|---|---|---|---|
| Latest | 24 | 952 | 162 | 790 | v3.8.2 | 2.0.0 |
| 24 | 949 | 162 | 787 | v3.8.1 | 2.0.0 |
Relationship Map
Author, categories, issues, domains, and nearby plugins.