PluginScore

Allow Multiple Accounts

Allow multiple user accounts to be created, registered, and updated having the same email address.

v3.0.4Scott ReillyUpdated Added 9k+ installs100% rating
accountemailmultiple accountsregistrationsignup
40
Score
115
Errors
19
Warnings
+0
Change

Category Scores

Security0
Repo91
Performance100
Maintainability80

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

134 findings

I18n

64

4 issue groups

Security

56

10 issue groups

Maintainability

12

6 issue groups

Repo Compliance

2

2 issue groups

ERRORI18nNon Singular String Literal DomainThe $domain parameter must be a single text string literal. Found: $this->textdomain44
Category
I18n
Occurrences
44
Severity
error

Sample message

The $domain parameter must be a single text string literal. Found: $this->textdomain

WordPress.WP.I18n.NonSingularStringLiteralDomainReference
ERRORSecurityOutput Not EscapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"<br /><span class='c2c-input-help'>{$help}</span>\n"'.38
Category
Security
Occurrences
38
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"<br /><span class='c2c-input-help'>{$help}</span>\n"'.

WordPress.Security.EscapeOutput.OutputNotEscapedReference
ERRORI18nMissing Arg DomainMissing $domain parameter in function call to __().10
Category
I18n
Occurrences
10
Severity
error

Sample message

Missing $domain parameter in function call to __().

WordPress.WP.I18n.MissingArgDomainReference
ERRORI18nMissing Translators CommentA function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.9
Category
I18n
Occurrences
9
Severity
error

Sample message

A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

WordPress.WP.I18n.MissingTranslatorsCommentReference
ERRORMaintainabilityNot AllowedUse of heredoc syntax (<<<) is not allowed; use standard strings or inline HTML instead5
Category
Maintainability
Occurrences
5
Severity
error

Sample message

Use of heredoc syntax (<<<) is not allowed; use standard strings or inline HTML instead

PluginCheck.CodeAnalysis.Heredoc.NotAllowed
WARNINGSecurityMissingProcessing form data without nonce verification.3
Category
Security
Occurrences
3
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Missing
WARNINGSecurityInput Not SanitizedDetected usage of a non-sanitized input variable: $_SERVER[&#039;PHP_SELF&#039;]3
Category
Security
Occurrences
3
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_SERVER[&#039;PHP_SELF&#039;]

WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
WARNINGSecurityInput Not ValidatedDetected usage of a possibly undefined superglobal array index: $_SERVER[&#039;PHP_SELF&#039;]. Check that the array index exists before using it.3
Category
Security
Occurrences
3
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_SERVER[&#039;PHP_SELF&#039;]. Check that the array index exists before using it.

WordPress.Security.ValidatedSanitizedInput.InputNotValidated
WARNINGSecurityMissing Unslash$_SERVER[&#039;PHP_SELF&#039;] not unslashed before sanitization. Use wp_unslash() or similar3
Category
Security
Occurrences
3
Severity
warning

Sample message

$_SERVER[&#039;PHP_SELF&#039;] not unslashed before sanitization. Use wp_unslash() or similar

WordPress.Security.ValidatedSanitizedInput.MissingUnslash
WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

Use of a direct database call is discouraged.

WordPress.DB.DirectDatabaseQuery.DirectQuery
Show 12 more
WARNINGSecurityRecommended2
Category
Security
Occurrences
2
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Recommended
ERRORMaintainabilitymissing direct file access protection2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

missing_direct_file_access_protectionReference
ERRORSecurityUnescaped DBParameter1
Category
Security
Occurrences
1
Severity
error

Sample message

Unescaped parameter $sql used in $wpdb->get_var()

PluginCheck.Security.DirectDB.UnescapedDBParameter
WARNINGMaintainabilityNo Caching1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

WordPress.DB.DirectDatabaseQuery.NoCaching
ERRORSecurityNot Prepared1
Category
Security
Occurrences
1
Severity
error

Sample message

Use placeholders and $wpdb->prepare(); found $sql

WordPress.DB.PreparedSQL.NotPrepared
ERRORSecurityHeredoc Output Not Escaped1
Category
Security
Occurrences
1
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found interpolation in unescaped heredoc.

WordPress.Security.EscapeOutput.HeredocOutputNotEscapedReference
WARNINGMaintainabilityadd option whitelist Found1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

add_option_whitelist() has been deprecated since WordPress version 5.5.0. Use add_allowed_options() instead.

WordPress.WP.DeprecatedFunctions.add_option_whitelistFound
ERRORSecuritysanitize user object Found1
Category
Security
Occurrences
1
Severity
error

Sample message

sanitize_user_object() has been deprecated since WordPress version 3.3.0.

WordPress.WP.DeprecatedFunctions.sanitize_user_objectFound
ERRORI18nText Domain Mismatch1
Category
I18n
Occurrences
1
Severity
error

Sample message

Mismatched text domain. Expected 'allow-multiple-accounts' but got 'buddypress'.

WordPress.WP.I18n.TextDomainMismatchReference
ERRORMaintainabilityapplication detected1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

Application files are not permitted.

application_detected
ERRORRepo Complianceoutdated tested upto header1
Category
Repo Compliance
Occurrences
1
Severity
error

Sample message

Tested up to: 4.2 < 7.0. The "Tested up to" value in your plugin is not set to the current version of WordPress. This means your plugin will not show up in searches, as we require plugins to be compatible and documented as tested up to the most recent version of WordPress.

outdated_tested_upto_headerReference
WARNINGRepo Compliancereadme parser warnings too many tags1
Category
Repo Compliance
Occurrences
1
Severity
warning

Sample message

One or more tags were ignored. Please limit your plugin to 5 tags.

readme_parser_warnings_too_many_tags

Score History

First score snapshot

v3.0.4

40

Latest

Findings
134
Errors
115
Warnings
19
Check
2.0.0

Related Plugins

Configure SMTP

6k+ active installs

99
Stop WP Emails Going to Spam

10k+ active installs

99
Clean Login

6k+ active installs

97
Disable auto-update Email Notifications

30k+ active installs

97
Disable New User Notification Emails

4k+ active installs

97
Check & Log Email – Easy Email Testing & Mail logging

100k+ active installs

95