PluginScore

BP Disable Activation Reloaded

Based on crashutah, apeatling plugin Disables the activation email and automatically activates new users in BuddyPress under a standard WP install and …

v1.2.1DamianUpdated Added 800 installs100% rating
activationbuddypresswpmu
36
Score
147
Errors
28
Warnings
+0
Change

Category Scores

Security0
Repo63
Performance100
Maintainability81

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

175 findings

Security

124

9 issue groups

I18n

28

5 issue groups

Maintainability

14

6 issue groups

Repo Compliance

5

5 issue groups

ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"sections['$section'] = '$section_slug';"'.100
Category
Security
Occurrences
100
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"sections['$section'] = '$section_slug';"'.

WordPress.Security.EscapeOutput.OutputNotEscapedReference
ERRORI18nNon Singular String Literal DomainThe $domain parameter must be a single text string literal. Found: $this->WPB_PREFIX21
Category
I18n
Occurrences
21
Severity
error

Sample message

The $domain parameter must be a single text string literal. Found: $this->WPB_PREFIX

WordPress.WP.I18n.NonSingularStringLiteralDomainReference
WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.10
Category
Security
Occurrences
10
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Recommended
ERRORSecurityUnsafe printing functionAll output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.7
Category
Security
Occurrences
7
Severity
error

Sample message

All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.

WordPress.Security.EscapeOutput.UnsafePrintingFunctionReference
WARNINGMaintainabilityNot In FooterIn footer ($in_footer) is not set explicitly wp_enqueue_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header.4
Category
Maintainability
Occurrences
4
Severity
warning

Sample message

In footer ($in_footer) is not set explicitly wp_enqueue_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header.

WordPress.WP.EnqueuedResourceParameters.NotInFooter
WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

Use of a direct database call is discouraged.

WordPress.DB.DirectDatabaseQuery.DirectQuery
ERRORI18nMissing Translators CommentA function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.3
Category
I18n
Occurrences
3
Severity
error

Sample message

A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

WordPress.WP.I18n.MissingTranslatorsCommentReference
ERRORMaintainabilityMissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;3
Category
Maintainability
Occurrences
3
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

missing_direct_file_access_protectionReference
WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

WordPress.DB.DirectDatabaseQuery.NoCaching
WARNINGSecurityInput is not validatedDetected usage of a possibly undefined superglobal array index: $_GET['page']. Check that the array index exists before using it.2
Category
Security
Occurrences
2
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_GET['page']. Check that the array index exists before using it.

WordPress.Security.ValidatedSanitizedInput.InputNotValidated
Show 15 more
ERRORI18nText Domain Mismatch2
Category
I18n
Occurrences
2
Severity
error

Sample message

Mismatched text domain. Expected 'bp-disable-activation-reloaded' but got 'buddypress'.

WordPress.WP.I18n.TextDomainMismatchReference
ERRORMaintainabilityOffloaded Content1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

Offloading images, js, css, and other scripts to your servers or any remote service is disallowed.

PluginCheck.CodeAnalysis.Offloading.OffloadedContent
ERRORSecuritySetting is missing a sanitization callback1
Category
Security
Occurrences
1
Severity
error

Sample message

Sanitization missing for register_setting().

PluginCheck.CodeAnalysis.SettingSanitization.register_settingMissingReference
ERRORSecurityDatabase parameter is not escaped1
Category
Security
Occurrences
1
Severity
error

Sample message

Unescaped parameter $user->user_login used in $wpdb->get_var()\n$user->user_login used without escaping.

PluginCheck.Security.DirectDB.UnescapedDBParameter
WARNINGSecurityInterpolated SQL is not prepared1
Category
Security
Occurrences
1
Severity
warning

Sample message

Use placeholders and $wpdb->prepare(); found interpolated variable $user->user_login at "SELECT ID FROM $wpdb->users WHERE user_login = '$user->user_login'"

WordPress.DB.PreparedSQL.InterpolatedNotPrepared
WARNINGSecurityInput is not sanitized1
Category
Security
Occurrences
1
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_GET['page']

WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
WARNINGSecurityRequest data is not unslashed1
Category
Security
Occurrences
1
Severity
warning

Sample message

$_GET['page'] not unslashed before sanitization. Use wp_unslash() or similar

WordPress.Security.ValidatedSanitizedInput.MissingUnslash
ERRORMaintainabilityDeprecated function: wp_htmledit_pre1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

wp_htmledit_pre() has been deprecated since WordPress version 4.3.0. Use format_for_editor() instead.

WordPress.WP.DeprecatedFunctions.wp_htmledit_preFound
ERRORI18nMissing Arg Domain1
Category
I18n
Occurrences
1
Severity
error

Sample message

Missing $domain parameter in function call to __().

WordPress.WP.I18n.MissingArgDomainReference
ERRORI18nNon Singular String Literal Text1
Category
I18n
Occurrences
1
Severity
error

Sample message

The $text parameter must be a single text string literal. Found: $this->WPB_PLUGIN_NAME.' options updated.'

WordPress.WP.I18n.NonSingularStringLiteralTextReference
ERRORRepo Compliancemismatched tested up to header1
Category
Repo Compliance
Occurrences
1
Severity
error

Sample message

Mismatched "Tested up to": 3.9.2 != BuddyPress 2.0.2+wp 3.9.2. The "Tested up to" value in the readme file must match the "Tested up to" value in the plugin header. If the plugin header has a "Tested up to" value, it will override the readme value, which can cause confusion.

mismatched_tested_up_to_headerReference
ERRORRepo Complianceno license1
Category
Repo Compliance
Occurrences
1
Severity
error

Sample message

Missing "License". Please update your readme with a valid GPLv2 (or later) compatible license.

no_licenseReference
ERRORRepo Complianceoutdated tested upto header1
Category
Repo Compliance
Occurrences
1
Severity
error

Sample message

Tested up to: 3.9 < 7.0. The "Tested up to" value in your plugin is not set to the current version of WordPress. This means your plugin will not show up in searches, as we require plugins to be compatible and documented as tested up to the most recent version of WordPress.

outdated_tested_upto_headerReference
WARNINGRepo Complianceplugin header invalid domain path1
Category
Repo Compliance
Occurrences
1
Severity
warning

Sample message

The "Domain Path" header in the plugin file must start with forward slash.

plugin_header_invalid_domain_pathReference
ERRORRepo Complianceplugin header invalid requires wp1
Category
Repo Compliance
Occurrences
1
Severity
error

Sample message

The "Requires at least" header in the plugin file should only contain a WordPress version such as "7.0" or "6.9".

plugin_header_invalid_requires_wp

External Connections

Potential connections found in static code analysis.

8 domains

Outbound calls

14

External assets

1

Incoming endpoints

0

Notable Domains

timersys.com3 · outbound
alisothegeek.com1 · outbound
paypal.com1 · outbound
whypad.com1 · outbound

Platform / Reference Domains

wordpress.org4 · platform/reference
github.com2 · platform/reference
gnu.org1 · platform/reference

External Asset Domains

paypalobjects.com2 · asset + outbound

Incoming Endpoints

No public endpoints detected.

Score History

First score snapshot

v1.2.1

36

Latest

Findings
175
Errors
147
Warnings
28
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

31 nodes

Related Plugins

BuddyPress Login Redirect to Profile

600 active installs

97
Block, Suspend, Report for BuddyPress

600 active installs

96
Disable User Gravatar

3k+ active installs

95
Wbcom Designs – Shortcodes & Elementor Widgets For BuddyPress

700 active installs

89
CBX User Online & Last Login

800 active installs

86
Wbcom Designs – Birthday Widget for BuddyPress

400 active installs

84