A plugin which provides an author box for your WordPress blog. Originally known as "Author Box for Divi."
Category Scores
Issues to Review
Prioritized issue groups from the latest Plugin Check scan
Security
137
8 issue groups
Maintainability
78
14 issue groups
I18n
2
2 issue groups
Repo Compliance
1
1 issue group
ERRORSecurityUnsafe printing functionAll output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.116
- Category
- Security
- Occurrences
- 116
- Severity
- error
Sample message
All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.
ERRORMaintainabilityShort PHP open tag foundShort PHP opening tag used with echo; expected "<?php echo admin_url ..." but found "<?= admin_url ..."23
- Category
- Maintainability
- Occurrences
- 23
- Severity
- error
Sample message
Short PHP opening tag used with echo; expected "<?php echo admin_url ..." but found "<?= admin_url ..."
WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$author_box_position".23
- Category
- Maintainability
- Occurrences
- 23
- Severity
- warning
Sample message
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$author_box_position".
ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$css'.11
- Category
- Security
- Occurrences
- 11
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$css'.
WARNINGMaintainabilityMissing VersionResource version not set in call to wp_enqueue_script(). This means new versions of the script may not always be loaded due to browser caching.8
- Category
- Maintainability
- Occurrences
- 8
- Severity
- warning
Sample message
Resource version not set in call to wp_enqueue_script(). This means new versions of the script may not always be loaded due to browser caching.
ERRORMaintainabilityOffloaded ContentFound call to wp_enqueue_script() with external resource. Offloading scripts to your servers or any remote service is disallowed.5
- Category
- Maintainability
- Occurrences
- 5
- Severity
- error
Sample message
Found call to wp_enqueue_script() with external resource. Offloading scripts to your servers or any remote service is disallowed.
WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.4
- Category
- Security
- Occurrences
- 4
- Severity
- warning
Sample message
Processing form data without nonce verification.
ERRORMaintainabilityMissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;4
- Category
- Maintainability
- Occurrences
- 4
- Severity
- error
Sample message
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
ERRORMaintainabilitywp function not compatible with requires wpFunction "get_avatar_url()" requires WordPress 4.2.0, but your plugin minimum supported version is WordPress 3.6.0.3
- Category
- Maintainability
- Occurrences
- 3
- Severity
- error
Sample message
Function "get_avatar_url()" requires WordPress 4.2.0, but your plugin minimum supported version is WordPress 3.6.0.
WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.2
- Category
- Maintainability
- Occurrences
- 2
- Severity
- warning
Sample message
Use of a direct database call is discouraged.
Show 15 moreShow less
WARNINGMaintainabilityNo Caching2
- Category
- Maintainability
- Occurrences
- 2
- Severity
- warning
Sample message
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
WARNINGSecurityInput is not sanitized2
- Category
- Security
- Occurrences
- 2
- Severity
- warning
Sample message
Detected usage of a non-sanitized input variable: $_POST[$key]
WARNINGMaintainabilitytrademarked term2
- Category
- Maintainability
- Occurrences
- 2
- Severity
- warning
Sample message
The plugin name includes a restricted term. Your chosen plugin name - "Author Box WP Lens" - contains the restricted term "wp" which cannot be used at all in your plugin name.
WARNINGMaintainabilityupdate modification detected2
- Category
- Maintainability
- Occurrences
- 2
- Severity
- warning
Sample message
Plugin Updater detected. Detected code which may be altering WordPress update routines. Detected: _site_transient_update_plugins
WARNINGMaintainabilityMixed line endings1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- warning
Sample message
File has mixed line endings; this may cause incorrect results
ERRORSecurityDatabase parameter is not escaped1
- Category
- Security
- Occurrences
- 1
- Severity
- error
Sample message
Unescaped parameter $user_ids used in $wpdb->query()\n$user_ids assigned unsafely at line 180.
ERRORSecuritySQL query is not prepared1
- Category
- Security
- Occurrences
- 1
- Severity
- error
Sample message
Use placeholders and $wpdb->prepare(); found $user_ids
WARNINGSecuritywp redirect wp redirect1
- Category
- Security
- Occurrences
- 1
- Severity
- warning
Sample message
wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.
WARNINGSecurityRequest data is not unslashed1
- Category
- Security
- Occurrences
- 1
- Severity
- warning
Sample message
$_POST[$key] not unslashed before sanitization. Use wp_unslash() or similar
WARNINGMaintainabilityNot In Footer1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- warning
Sample message
In footer ($in_footer) is not set explicitly wp_enqueue_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header.
ERRORI18nMissing Translators Comment1
- Category
- I18n
- Occurrences
- 1
- Severity
- error
Sample message
A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.
ERRORI18nUnordered Placeholders Text1
- Category
- I18n
- Occurrences
- 1
- Severity
- error
Sample message
Multiple placeholders in translatable strings should be ordered. Expected "%1$s, %2$s", but got "%s, %s" in 'Do you enjoy using the Author Box WP Lens plugin? A %s5-star rating on WordPress.org%s would be great!'.
ERRORMaintainabilityfive star reviews detected1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- error
Sample message
Linking directly to 5 stars reviews is not allowed.
ERRORRepo Complianceplugin header no license1
- Category
- Repo Compliance
- Occurrences
- 1
- Severity
- error
Sample message
Missing "License" in Plugin Header. Please update your Plugin Header with a valid GPLv2 (or later) compatible license.
ERRORMaintainabilityplugin updater detected1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- error
Sample message
Plugin Updater detected. These are not permitted in WordPress.org hosted plugins. Detected: site_transient_update_plugins
External Connections
Potential connections found in static code analysis.
Outbound calls
35
External assets
5
Incoming endpoints
3
Notable Domains
Platform / Reference Domains
External Asset Domains
Incoming Endpoints
No public endpoints detected.
Admin AJAX endpoints3
wp_ajax
wp_ajax
wp_ajax
Score History
First score snapshot
v2.1.6
35
Latest
- Findings
- 218
- Errors
- 169
- Warnings
- 49
- Check
- 2.0.0
| Scan | Score | Findings | Errors | Warnings | Plugin | Check |
|---|---|---|---|---|---|---|
| Latest | 35 | 218 | 169 | 49 | v2.1.6 | 2.0.0 |
Relationship Map
Author, categories, issues, domains, and nearby plugins.