The No.1 content separator, content manager, content excluder, sidebar widget manager plugin to enable CMS like functionality.
Category Scores
Issues to Review
Prioritized issue groups from the latest Plugin Check scan
Security
309
12 issue groups
I18n
133
4 issue groups
Maintainability
48
8 issue groups
Performance
7
1 issue group
ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"<div id='update-nag'>$msg</div>"'.99
- Category
- Security
- Occurrences
- 99
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"<div id='update-nag'>$msg</div>"'.
ERRORI18nText Domain MismatchMismatched text domain. Expected 'advanced-category-excluder' but got "ace".89
- Category
- I18n
- Occurrences
- 89
- Severity
- error
Sample message
Mismatched text domain. Expected 'advanced-category-excluder' but got "ace".
ERRORSecurityUnsafe printing functionAll output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.57
- Category
- Security
- Occurrences
- 57
- Severity
- error
Sample message
All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.
WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_POST[$k]36
- Category
- Security
- Occurrences
- 36
- Severity
- warning
Sample message
Detected usage of a non-sanitized input variable: $_POST[$k]
WARNINGSecurityRequest data is not unslashed$_POST[$k] not unslashed before sanitization. Use wp_unslash() or similar36
- Category
- Security
- Occurrences
- 36
- Severity
- warning
Sample message
$_POST[$k] not unslashed before sanitization. Use wp_unslash() or similar
WARNINGSecurityInput is not validatedDetected usage of a possibly undefined superglobal array index: $_GET['page']. Check that the array index exists before using it.26
- Category
- Security
- Occurrences
- 26
- Severity
- warning
Sample message
Detected usage of a possibly undefined superglobal array index: $_GET['page']. Check that the array index exists before using it.
ERRORI18nMissing Arg DomainMissing $domain parameter in function call to __().26
- Category
- I18n
- Occurrences
- 26
- Severity
- error
Sample message
Missing $domain parameter in function call to __().
WARNINGSecurityMissing nonce verificationProcessing form data without nonce verification.18
- Category
- Security
- Occurrences
- 18
- Severity
- warning
Sample message
Processing form data without nonce verification.
ERRORI18nMissing Translators CommentA function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.16
- Category
- I18n
- Occurrences
- 16
- Severity
- error
Sample message
A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.
ERRORMaintainabilityMissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;14
- Category
- Maintainability
- Occurrences
- 14
- Severity
- error
Sample message
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
Show 15 moreShow less
WARNINGSecurityInterpolated SQL is not prepared12
- Category
- Security
- Occurrences
- 12
- Severity
- warning
Sample message
Use placeholders and $wpdb->prepare(); found interpolated variable $d at "SELECT DATE_FORMAT((DATE_ADD('${thisyear}0101', INTERVAL $d DAY) ), '%m')"
WARNINGMaintainabilityDirect Query8
- Category
- Maintainability
- Occurrences
- 8
- Severity
- warning
Sample message
Use of a direct database call is discouraged.
ERRORSecuritySQL query is not prepared8
- Category
- Security
- Occurrences
- 8
- Severity
- error
Sample message
Use placeholders and $wpdb->prepare(); found $COMMENT_QUERY
ERRORMaintainabilitydate date7
- Category
- Maintainability
- Occurrences
- 7
- Severity
- error
Sample message
date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.
WARNINGPerformancePost Not In exclude7
- Category
- Performance
- Occurrences
- 7
- Severity
- warning
Sample message
Using exclusionary parameters, like exclude, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information.
WARNINGMaintainabilityMixed line endings6
- Category
- Maintainability
- Occurrences
- 6
- Severity
- warning
Sample message
File has mixed line endings; this may cause incorrect results
ERRORSecurityDatabase parameter is not escaped6
- Category
- Security
- Occurrences
- 6
- Severity
- error
Sample message
Unescaped parameter $COMMENT_QUERY used in $wpdb->get_results()\n$COMMENT_QUERY assigned unsafely at line 256.
WARNINGSecurityNonce verification recommended5
- Category
- Security
- Occurrences
- 5
- Severity
- warning
Sample message
Processing form data without nonce verification.
ERRORMaintainabilitystrip tags strip tags4
- Category
- Maintainability
- Occurrences
- 4
- Severity
- error
Sample message
strip_tags() is discouraged. Use the more comprehensive wp_strip_all_tags() instead.
ERRORSecurityDeprecated function: attribute_escape4
- Category
- Security
- Occurrences
- 4
- Severity
- error
Sample message
attribute_escape() has been deprecated since WordPress version 2.8.0. Use esc_attr() instead.
ERRORMaintainabilityDeprecated function: register_sidebar_widget4
- Category
- Maintainability
- Occurrences
- 4
- Severity
- error
Sample message
register_sidebar_widget() has been deprecated since WordPress version 2.8.0. Use wp_register_sidebar_widget() instead.
ERRORMaintainabilityDeprecated function: register_widget_control4
- Category
- Maintainability
- Occurrences
- 4
- Severity
- error
Sample message
register_widget_control() has been deprecated since WordPress version 2.8.0. Use wp_register_widget_control() instead.
ERRORSecuritymysql mysql real escape string2
- Category
- Security
- Occurrences
- 2
- Severity
- error
Sample message
Accessing the database directly should be avoided. Please use the $wpdb object and associated functions instead. Found: mysql_real_escape_string.
ERRORI18nNon Singular String Literal Domain2
- Category
- I18n
- Occurrences
- 2
- Severity
- error
Sample message
The $domain parameter must be a single text string literal. Found: ace
ERRORMaintainabilitymysql mysql get server info1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- error
Sample message
Accessing the database directly should be avoided. Please use the $wpdb object and associated functions instead. Found: mysql_get_server_info.
External Connections
Potential connections found in static code analysis.
Outbound calls
22
External assets
0
Incoming endpoints
0
Notable Domains
Platform / Reference Domains
External Asset Domains
No external asset domains detected.
Incoming Endpoints
No public endpoints detected.
Score History
First score snapshot
v1.4.5
31
Latest
- Findings
- 509
- Errors
- 349
- Warnings
- 160
- Check
- 2.0.0
| Scan | Score | Findings | Errors | Warnings | Plugin | Check |
|---|---|---|---|---|---|---|
| Latest | 31 | 509 | 349 | 160 | v1.4.5 | 2.0.0 |
Relationship Map
Author, categories, issues, domains, and nearby plugins.
Relationship links
Author
Issue
Domain
Related
Author
Issue
Domain
Related
Related Plugins
10k+ active installs
800 active installs
2k+ active installs
8k+ active installs
3k+ active installs
3k+ active installs