Assistant – Every Day Productivity Apps

Assistant is a plugin that allows you to work more efficiently. It provides you shortcuts to common admin tasks on the front-end of your website.

v1.5.4.2Beaver BuilderUpdated Added 4k+ installs98% rating
34
Score
124
Errors
97
Warnings
+0
Change

Category Scores

Security0
Repo94
Performance100
Maintainability48

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

221 findings

Security

149

12 issue groups

Maintainability

39

11 issue groups

I18n

21

2 issue groups

ERRORSecurityException output is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$alias'.60
Category
Security
Occurrences
60
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$alias'.

WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.22
Category
Security
Occurrences
22
Severity
warning

Sample message

Processing form data without nonce verification.

WARNINGSecurityMissing nonce verificationProcessing form data without nonce verification.15
Category
Security
Occurrences
15
Severity
warning

Sample message

Processing form data without nonce verification.

ERRORI18nMissing Arg DomainMissing $domain parameter in function call to __().14
Category
I18n
Occurrences
14
Severity
error

Sample message

Missing $domain parameter in function call to __().

WARNINGSecurityRequest data is not unslashed$_COOKIE[$token_key] not unslashed before sanitization. Use wp_unslash() or similar13
Category
Security
Occurrences
13
Severity
warning

Sample message

$_COOKIE[$token_key] not unslashed before sanitization. Use wp_unslash() or similar

WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_COOKIE[$token_key]12
Category
Security
Occurrences
12
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_COOKIE[$token_key]

ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"<span style='{$styles}'><span style='{$dot}; background-color: {$term['color']}'></span>{$term['label']}</span>"'.11
Category
Security
Occurrences
11
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"<span style='{$styles}'><span style='{$dot}; background-color: {$term['color']}'></span>{$term['label']}</span>"'.

WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.8
Category
Maintainability
Occurrences
8
Severity
warning

Sample message

Use of a direct database call is discouraged.

WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().8
Category
Maintainability
Occurrences
8
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

ERRORI18nMissing Translators CommentA function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.7
Category
I18n
Occurrences
7
Severity
error

Sample message

A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

Show 15 more
WARNINGSecurityInput is not validated6
Category
Security
Occurrences
6
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_GET[&#039;fl-asst-customizer-preview-init&#039;]. Check that the array index exists before using it.

ERRORSecurityUnsafe printing function4
Category
Security
Occurrences
4
Severity
error

Sample message

All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.

ERRORMaintainabilitystrip tags strip tags4
Category
Maintainability
Occurrences
4
Severity
error

Sample message

strip_tags() is discouraged. Use the more comprehensive wp_strip_all_tags() instead.

ERRORMaintainabilityMissing direct file access protection4
Category
Maintainability
Occurrences
4
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

WARNINGSecurityInterpolated SQL is not prepared3
Category
Security
Occurrences
3
Severity
warning

Sample message

Use placeholders and $wpdb-&gt;prepare(); found interpolated variable {$id} at &quot;INSERT INTO {$wpdb-&gt;postmeta} (post_id, meta_key, meta_value) values ({$id}, &#039;{$meta_key}&#039;, &#039;{$meta_value}&#039;)&quot;

ERRORMaintainabilitycurl curl file create3
Category
Maintainability
Occurrences
3
Severity
error

Sample message

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

ERRORMaintainabilityunlink unlink3
Category
Maintainability
Occurrences
3
Severity
error

Sample message

unlink() is discouraged. Use wp_delete_file() to delete a file.

WARNINGMaintainabilityslow db query meta key2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

Detected usage of meta_key, possible slow query.

WARNINGMaintainabilityslow db query meta query2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

Detected usage of meta_query, possible slow query.

ERRORMaintainabilitydate date2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.

ERRORMaintainabilityparse url parse url2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

parse_url() is discouraged because of inconsistency in the output across PHP versions; use wp_parse_url() instead.

ERRORSecurityDatabase parameter is not escaped1
Category
Security
Occurrences
1
Severity
error

Sample message

Unescaped parameter $id used in $wpdb->query()\n$id assigned unsafely at line 274.

WARNINGSecurityDatabase parameter is not escaped1
Category
Security
Occurrences
1
Severity
warning

Sample message

Unescaped parameter $new_post_id used in $wpdb-&gt;query()\n$new_post_id assigned unsafely at line 322.

ERRORSecuritySQL query is not prepared1
Category
Security
Occurrences
1
Severity
error

Sample message

Use placeholders and $wpdb->prepare(); found $subqueries

WARNINGMaintainabilityslow db query meta value1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Detected usage of meta_value, possible slow query.

External Connections

Not analyzed yet.

Score History

First score snapshot

v1.5.4.2

34

Latest

Findings
221
Errors
124
Warnings
97
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

29 nodes

Related Plugins

Breadcrumb Block

3k+ active installs

100
Counting Number Block

2k+ active installs

100
Crowdsignal Forms

200k+ active installs

100
Events Block

600 active installs

100