PluginScore

Post Blocks & Tools

Post grid, post list, and post slider Gutenberg blocks to design blog and magazine layouts easily.

v1.3.1ThemezHutUpdated Added 400 installs0% rating
gutenberg blockspost blockspost gridpost listpost slider
60
Score
9
Errors
46
Warnings
+0
Change

Category Scores

Security36
Repo100
Performance98
Maintainability77

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

55 findings

Maintainability

29

12 issue groups

Security

24

4 issue groups

I18n

1

1 issue group

Performance

1

1 issue group

WARNINGSecurityMissing nonce verificationProcessing form data without nonce verification.15
Category
Security
Occurrences
15
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Missing
WARNINGMaintainabilityNon-prefixed hook nameHook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "'customize_save_' . $key".11
Category
Maintainability
Occurrences
11
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "'customize_save_' . $key".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound
WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$demo".6
Category
Maintainability
Occurrences
6
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$demo".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound
ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$message'.4
Category
Security
Occurrences
4
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$message'.

WordPress.Security.EscapeOutput.OutputNotEscapedReference
WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.4
Category
Security
Occurrences
4
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Recommended
WARNINGMaintainabilityDiscouraged PHP functionThe use of function ini_set() is discouraged2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

The use of function ini_set() is discouraged

Squiz.PHP.DiscouragedFunctions.Discouraged
ERRORMaintainabilityMissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

missing_direct_file_access_protectionReference
WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Use of a direct database call is discouraged.

WordPress.DB.DirectDatabaseQuery.DirectQuery
ERRORMaintainabilitydate datedate() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.

WordPress.DateTime.RestrictedFunctions.date_date
WARNINGMaintainabilityDynamic hook nameHook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "$action".1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "$action".

WordPress.NamingConventions.PrefixAllGlobals.DynamicHooknameFound
Show 8 more
WARNINGSecurityRequest data is not unslashed1
Category
Security
Occurrences
1
Severity
warning

Sample message

$_POST['redux_option_name'] not unslashed before sanitization. Use wp_unslash() or similar

WordPress.Security.ValidatedSanitizedInput.MissingUnslash
ERRORMaintainabilityunlink unlink1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

unlink() is discouraged. Use wp_delete_file() to delete a file.

WordPress.WP.AlternativeFunctions.unlink_unlink
WARNINGMaintainabilityMissing Version1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Resource version not set in call to wp_register_style(). This means new versions of the style may not always be loaded due to browser caching.

WordPress.WP.EnqueuedResourceParameters.MissingVersion
ERRORMaintainabilityNo Explicit Version1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

Version parameter is not explicitly set or has been set to an equivalent of "false" for wp_enqueue_script; This means that the WordPress core version will be used which is not recommended for plugin or theme development.

WordPress.WP.EnqueuedResourceParameters.NoExplicitVersion
WARNINGMaintainabilityNot In Footer1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

In footer ($in_footer) is not set explicitly wp_enqueue_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header.

WordPress.WP.EnqueuedResourceParameters.NotInFooter
WARNINGI18nNo Html Wrapped Strings1
Category
I18n
Occurrences
1
Severity
warning

Sample message

Translatable string should not be wrapped in HTML. Found: '<p><a href="%s" target="_blank">View error log</a> for more information.</p>'

WordPress.WP.I18n.NoHtmlWrappedStringsReference
WARNINGPerformancePost Not In post not in1
Category
Performance
Occurrences
1
Severity
warning

Sample message

Using exclusionary parameters, like post__not_in, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information.

WordPressVIPMinimum.Performance.WPQueryParams.PostNotIn_post__not_in
WARNINGMaintainabilitymissing composer json file1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

The "/vendor" directory using composer exists, but "composer.json" file is missing.

missing_composer_json_fileReference

External Connections

Potential connections found in static code analysis.

12 domains

Outbound calls

76

External assets

0

Incoming endpoints

3

Notable Domains

npmjs.com6 · outbound
php-fig.org3 · outbound
developer.mozilla.org1 · outbound
getcomposer.org1 · outbound
gregorcapuder.com1 · outbound
themezhut.com1 · outbound

Platform / Reference Domains

developer.wordpress.org25 · platform/reference
w3.org15 · platform/reference
wordpress.org12 · platform/reference
github.com9 · platform/reference
core.trac.wordpress.org1 · platform/reference
gnu.org1 · platform/reference

External Asset Domains

No external asset domains detected.

Incoming Endpoints

No public endpoints detected.

Admin AJAX endpoints3
wp_ajax_bnmbt_import_customizer_dataauthenticated

wp_ajax

wp_ajax_bnmbt_import_demo_dataauthenticated

wp_ajax

wp_ajax_bnmbt_importer_after_import_dataauthenticated

wp_ajax

Score History

First score snapshot

v1.3.1

60

Latest

Findings
55
Errors
9
Warnings
46
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

35 nodes

Related Plugins

Superb Addons: Blocks, Patterns, Pre-built Pages, Sliders, Popups, Free Forms, Animations & More

80k+ active installs

100
Classic Blog Grid

4k+ active installs

99
Advanced Posts Listing – Show Post List Easily

3k+ active installs

98
Eleblog – Elementor Blog And Magazine Addons

1k+ active installs

98
Elfsight Blocks

3k+ active installs

98
Medialist

900 active installs

98