The really fast and powerful Booking engine for theme/site developers to create any booking or rental sites (tours, cars, events, apartments, yachts)
Category Scores
Issues to Review
Prioritized issue groups from the latest Plugin Check scan
Security
1,475
10 issue groups
Maintainability
399
12 issue groups
I18n
349
3 issue groups
ERRORSecurityOutput Not EscapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$a['desc']'.467
- Category
- Security
- Occurrences
- 467
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$a['desc']'.
WARNINGSecurityRecommendedProcessing form data without nonce verification.243
- Category
- Security
- Occurrences
- 243
- Severity
- warning
Sample message
Processing form data without nonce verification.
ERRORSecurityNot PreparedUse placeholders and $wpdb->prepare(); found $booking_obj_id221
- Category
- Security
- Occurrences
- 221
- Severity
- error
Sample message
Use placeholders and $wpdb->prepare(); found $booking_obj_id
ERRORI18nText Domain MismatchMismatched text domain. Expected 'ba-book-everything' but got 'claue'.221
- Category
- I18n
- Occurrences
- 221
- Severity
- error
Sample message
Mismatched text domain. Expected 'ba-book-everything' but got 'claue'.
WARNINGSecurityMissing Unslash$_GET[$ext_field_name] not unslashed before sanitization. Use wp_unslash() or similar191
- Category
- Security
- Occurrences
- 191
- Severity
- warning
Sample message
$_GET[$ext_field_name] not unslashed before sanitization. Use wp_unslash() or similar
WARNINGSecurityInput Not SanitizedDetected usage of a non-sanitized input variable: $_GET[$ext_field_name]156
- Category
- Security
- Occurrences
- 156
- Severity
- warning
Sample message
Detected usage of a non-sanitized input variable: $_GET[$ext_field_name]
WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.135
- Category
- Maintainability
- Occurrences
- 135
- Severity
- warning
Sample message
Use of a direct database call is discouraged.
WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().122
- Category
- Maintainability
- Occurrences
- 122
- Severity
- warning
Sample message
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
ERRORSecurityUnescaped DBParameterUnescaped parameter $delete_prepared used in $wpdb->query()\n$delete_prepared assigned unsafely at line 660.94
- Category
- Security
- Occurrences
- 94
- Severity
- error
Sample message
Unescaped parameter $delete_prepared used in $wpdb->query()\n$delete_prepared assigned unsafely at line 660.
ERRORI18nMissing Translators CommentA function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.92
- Category
- I18n
- Occurrences
- 92
- Severity
- error
Sample message
A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.
Show 15 moreShow less
WARNINGSecurityMissing79
- Category
- Security
- Occurrences
- 79
- Severity
- warning
Sample message
Processing form data without nonce verification.
WARNINGMaintainabilityNon Prefixed Hookname Found74
- Category
- Maintainability
- Occurrences
- 74
- Severity
- warning
Sample message
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "ajax_babe_booking_calculate_price".
ERRORI18nMissing Arg Domain36
- Category
- I18n
- Occurrences
- 36
- Severity
- error
Sample message
Missing $domain parameter in function call to __().
ERRORMaintainabilitymissing direct file access protection13
- Category
- Maintainability
- Occurrences
- 13
- Severity
- error
Sample message
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
ERRORSecurityException Not Escaped11
- Category
- Security
- Occurrences
- 11
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$field'.
WARNINGMaintainabilitySchema Change10
- Category
- Maintainability
- Occurrences
- 10
- Severity
- warning
Sample message
Attempting a database schema change is discouraged.
WARNINGMaintainabilityslow db query meta query10
- Category
- Maintainability
- Occurrences
- 10
- Severity
- warning
Sample message
Detected usage of meta_query, possible slow query.
WARNINGMaintainabilityslow db query meta key7
- Category
- Maintainability
- Occurrences
- 7
- Severity
- warning
Sample message
Detected usage of meta_key, possible slow query.
WARNINGSecurityInput Not Validated7
- Category
- Security
- Occurrences
- 7
- Severity
- warning
Sample message
Detected usage of a possibly undefined superglobal array index: $_GET['post_type']. Check that the array index exists before using it.
WARNINGMaintainabilityslow db query meta value6
- Category
- Maintainability
- Occurrences
- 6
- Severity
- warning
Sample message
Detected usage of meta_value, possible slow query.
WARNINGMaintainabilityerror log print r6
- Category
- Maintainability
- Occurrences
- 6
- Severity
- warning
Sample message
print_r() found. Debug code should not normally be used in production.
ERRORSecurityUnsafe Printing Function6
- Category
- Security
- Occurrences
- 6
- Severity
- error
Sample message
All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.
WARNINGMaintainabilityMissing Version6
- Category
- Maintainability
- Occurrences
- 6
- Severity
- warning
Sample message
Resource version not set in call to wp_enqueue_script(). This means new versions of the script may not always be loaded due to browser caching.
WARNINGMaintainabilityerror log error log5
- Category
- Maintainability
- Occurrences
- 5
- Severity
- warning
Sample message
error_log() found. Debug code should not normally be used in production.
ERRORMaintainabilitystrip tags strip tags5
- Category
- Maintainability
- Occurrences
- 5
- Severity
- error
Sample message
strip_tags() is discouraged. Use the more comprehensive wp_strip_all_tags() instead.
Score History
First score snapshot
v1.8.24
23
Latest
- Findings
- 2,270
- Errors
- 1,184
- Warnings
- 1,086
- Check
- 2.0.0
| Scan | Score | Findings | Errors | Warnings | Plugin | Check |
|---|---|---|---|---|---|---|
| Latest | 23 | 2,270 | 1,184 | 1,086 | v1.8.24 | 2.0.0 |
Related Plugins
10k+ active installs
2k+ active installs
10k+ active installs
3k+ active installs
9k+ active installs
5k+ active installs