ACF OpenStreetMap Field

A configurable OpenStreetMap Field for ACF.

v1.6.1podpirateUpdated 1 year agoAdded 7 years ago9k+ installs92% rating

map acf openstreetmap leaflet

Score

Errors

Warnings

Change

Category Scores

Security30

Repo72

Performance100

Maintainability74

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

86 findings

Maintainability

8 issue groups

I18n

4 issue groups

Security

5 issue groups

Supply Chain

1 issue group

WARNINGMaintainabilityNon Prefixed Variable FoundGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$attr".28

Category: Maintainability
Occurrences: 28
Severity: warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$attr".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound

WARNINGMaintainabilityNon Prefixed Hookname FoundHook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "'acf_osm_leaflet_providers_'.$filter".8

Category: Maintainability
Occurrences: 8
Severity: warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "'acf_osm_leaflet_providers_'.$filter".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound

ERRORSecurityOutput Not EscapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$contents'.8

Category: Security
Occurrences: 8
Severity: error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$contents'.

WordPress.Security.EscapeOutput.OutputNotEscaped Reference

ERRORI18nMissing Arg DomainMissing $domain parameter in function call to esc_attr_e().7

Category: I18n
Occurrences: 7
Severity: error

Sample message

Missing $domain parameter in function call to esc_attr_e().

WordPress.WP.I18n.MissingArgDomain Reference

ERRORI18nNon Singular String Literal TextThe $text parameter must be a single text string literal. Found: $key6

Category: I18n
Occurrences: 6
Severity: error

Sample message

The $text parameter must be a single text string literal. Found: $key

WordPress.WP.I18n.NonSingularStringLiteralText Reference

ERRORSupply Chainhidden filesHidden files are not permitted.5

Category: Supply Chain
Occurrences: 5
Severity: error

Sample message

Hidden files are not permitted.

hidden_files

ERRORMaintainabilitymissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;5

Category: Maintainability
Occurrences: 5
Severity: error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

missing_direct_file_access_protection Reference

ERRORI18nText Domain MismatchMismatched text domain. Expected 'acf-openstreetmap-field' but got 'acf'.4

Category: I18n
Occurrences: 4
Severity: error

Sample message

Mismatched text domain. Expected 'acf-openstreetmap-field' but got 'acf'.

WordPress.WP.I18n.TextDomainMismatch Reference

WARNINGMaintainabilityNon Prefixed Function FoundFunctions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "acf_osm_get_iframe_url".2

Category: Maintainability
Occurrences: 2
Severity: warning

Sample message

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "acf_osm_get_iframe_url".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedFunctionFound

ERRORSecurityException Not EscapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$class'.2

Category: Security
Occurrences: 2
Severity: error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$class'.

WordPress.Security.EscapeOutput.ExceptionNotEscaped Reference

Show 9 more issue groups

WARNINGSecurityInput Not Sanitized2

Category: Security
Occurrences: 2
Severity: warning

Sample message

Detected usage of a non-sanitized input variable: $_SERVER[$hdr]

WordPress.Security.ValidatedSanitizedInput.InputNotSanitized

WARNINGSecurityMissing Unslash2

Category: Security
Occurrences: 2
Severity: warning

Sample message

$_SERVER[$hdr] not unslashed before sanitization. Use wp_unslash() or similar

WordPress.Security.ValidatedSanitizedInput.MissingUnslash

ERRORMaintainabilityException1

Category: Maintainability
Occurrences: 1
Severity: error

Sample message

An error occurred during processing; checking has been aborted. The error message was: PHPCSUtils\Utils\PassedParameters::hasParameters(): Argument #2 ($stackPtr) must be of type function call, array, isset, unset or exit; T_THROW given.\nThe error originated in the WordPress.Security.EscapeOutput sniff on line 270.

Internal.Exception Reference

WARNINGI18nload plugin textdomain Found1

Category: I18n
Occurrences: 1
Severity: warning

Sample message

load_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed.

PluginCheck.CodeAnalysis.DiscouragedFunctions.load_plugin_textdomainFound Reference

WARNINGMaintainabilityerror log var export1

Category: Maintainability
Occurrences: 1
Severity: warning

Sample message

var_export() found. Debug code should not normally be used in production.

WordPress.PHP.DevelopmentFunctions.error_log_var_export

WARNINGSecurityInput Not Validated1

Category: Security
Occurrences: 1
Severity: warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_SERVER['REQUEST_URI']. Check that the array index exists before using it.

WordPress.Security.ValidatedSanitizedInput.InputNotValidated

ERRORMaintainabilityrand rand1

Category: Maintainability
Occurrences: 1
Severity: error

Sample message

rand() is discouraged. Use the far less predictable wp_rand() instead.

WordPress.WP.AlternativeFunctions.rand_rand

WARNINGMaintainabilityNot In Footer1

Category: Maintainability
Occurrences: 1
Severity: warning

Sample message

In footer ($in_footer) is not set explicitly wp_register_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header.

WordPress.WP.EnqueuedResourceParameters.NotInFooter

ERRORRepo Complianceoutdated tested upto header1

Category: Repo Compliance
Occurrences: 1
Severity: error

Sample message

Tested up to: 6.7 < 7.0. The "Tested up to" value in your plugin is not set to the current version of WordPress. This means your plugin will not show up in searches, as we require plugins to be compatible and documented as tested up to the most recent version of WordPress.

outdated_tested_upto_header Reference

Score History

First score snapshot

First scan

Jun 20, 2026, 10:41 PM UTC

Plugin version

v1.6.1

Plugin Check

2.0.0

Scoring model

2026.06-mvp-static-v2

Scan records1

yesterday

v1.6.1

Latest

Findings: 86
Errors: 40
Warnings: 46
Plugin Check: 2.0.0
Model: 2026.06-mvp-static-v2

Scan	Score	Findings	Errors	Warnings	Plugin	Plugin Check	Model
yesterdayLatest	35	86	40	46	v1.6.1	2.0.0	2026.06-mvp-static-v2

Related Plugins

ACF Quick Edit Fields

30k+ active installs

The Paste

10k+ active installs