ACF to Custom Database Tables

An ACF add-on plugin to save custom fields data in a structured database table instead of WordPress's post meta table.

v1.0.7AbhishekUpdated Added 600 installs92% rating
40
Score
36
Errors
64
Warnings
+0
Change

Category Scores

Security0
Repo89
Performance100
Maintainability82

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

100 findings

Security

66

10 issue groups

Maintainability

31

5 issue groups

Repo Compliance

2

2 issue groups

I18n

1

1 issue group

WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.26
Category
Security
Occurrences
26
Severity
warning

Sample message

Processing form data without nonce verification.

WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.11
Category
Maintainability
Occurrences
11
Severity
warning

Sample message

Use of a direct database call is discouraged.

ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$buttonClass'.10
Category
Security
Occurrences
10
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$buttonClass'.

ERRORMaintainabilityMissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;10
Category
Maintainability
Occurrences
10
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().8
Category
Maintainability
Occurrences
8
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

WARNINGSecurityMissing nonce verificationProcessing form data without nonce verification.7
Category
Security
Occurrences
7
Severity
warning

Sample message

Processing form data without nonce verification.

ERRORSecuritySQL query is not preparedUse placeholders and $wpdb->prepare(); found $delete_query6
Category
Security
Occurrences
6
Severity
error

Sample message

Use placeholders and $wpdb->prepare(); found $delete_query

WARNINGSecurityInput is not validatedDetected usage of a possibly undefined superglobal array index: $_GET['post']. Check that the array index exists before using it.6
Category
Security
Occurrences
6
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_GET['post']. Check that the array index exists before using it.

ERRORSecurityDatabase parameter is not escapedUnescaped parameter $delete_query used in $wpdb->query()\n$delete_query assigned unsafely at line 514.5
Category
Security
Occurrences
5
Severity
error

Sample message

Unescaped parameter $delete_query used in $wpdb->query()\n$delete_query assigned unsafely at line 514.

WARNINGSecurityRequest data is not unslashed$_GET['tab'] not unslashed before sanitization. Use wp_unslash() or similar3
Category
Security
Occurrences
3
Severity
warning

Sample message

$_GET['tab'] not unslashed before sanitization. Use wp_unslash() or similar

Show 8 more
WARNINGSecurityDatabase parameter is not escaped1
Category
Security
Occurrences
1
Severity
warning

Sample message

Unescaped parameter $prefix_table_name used in $wpdb->get_results()\n$prefix_table_name assigned unsafely at line 143.

WARNINGSecurityInterpolated SQL is not prepared1
Category
Security
Occurrences
1
Severity
warning

Sample message

Use placeholders and $wpdb->prepare(); found interpolated variable $prefix_table_name at "SHOW TABLES LIKE '$prefix_table_name'"

ERRORMaintainabilitydate date1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.

WARNINGSecurityInput is not sanitized1
Category
Security
Occurrences
1
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_POST['acf']

ERRORMaintainabilityNo Explicit Version1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

Version parameter is not explicitly set or has been set to an equivalent of "false" for wp_enqueue_script; This means that the WordPress core version will be used which is not recommended for plugin or theme development.

ERRORI18nMissing Arg Domain1
Category
I18n
Occurrences
1
Severity
error

Sample message

Missing $domain parameter in function call to __().

ERRORRepo Complianceoutdated tested upto header1
Category
Repo Compliance
Occurrences
1
Severity
error

Sample message

Tested up to: 6.6 < 7.0. The "Tested up to" value in your plugin is not set to the current version of WordPress. This means your plugin will not show up in searches, as we require plugins to be compatible and documented as tested up to the most recent version of WordPress.

ERRORRepo Complianceplugin header no license1
Category
Repo Compliance
Occurrences
1
Severity
error

Sample message

Missing "License" in Plugin Header. Please update your Plugin Header with a valid GPLv2 (or later) compatible license.

External Connections

Potential connections found in static code analysis.

3 domains

Outbound calls

7

External assets

0

Incoming endpoints

0

Notable Domains

External Asset Domains

No external asset domains detected.

Incoming Endpoints

No public endpoints detected.

Score History

First score snapshot

v1.0.7

40

Latest

Findings
100
Errors
36
Warnings
64
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

30 nodes

Related Plugins