Issues to Review
Prioritized issue groups from the latest Plugin Check scan
Maintainability
158
6 issue groups
Security
44
11 issue groups
I18n
2
1 issue group
WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$HELPERS".120
- Category
- Maintainability
- Occurrences
- 120
- Severity
- warning
Sample message
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$HELPERS".
WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.17
- Category
- Maintainability
- Occurrences
- 17
- Severity
- warning
Sample message
Use of a direct database call is discouraged.
WARNINGSecurityInterpolated SQL is not preparedUse placeholders and $wpdb->prepare(); found interpolated variable $placeholders at "DELETE FROM $table_name WHERE id IN ($placeholders)"17
- Category
- Security
- Occurrences
- 17
- Severity
- warning
Sample message
Use placeholders and $wpdb->prepare(); found interpolated variable $placeholders at "DELETE FROM $table_name WHERE id IN ($placeholders)"
WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().16
- Category
- Maintainability
- Occurrences
- 16
- Severity
- warning
Sample message
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
WARNINGSecurityDatabase parameter is not escapedUnescaped parameter $table used in $wpdb->get_results()\n$table assigned unsafely at line 162.9
- Category
- Security
- Occurrences
- 9
- Severity
- warning
Sample message
Unescaped parameter $table used in $wpdb->get_results()\n$table assigned unsafely at line 162.
ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$link_actions'.5
- Category
- Security
- Occurrences
- 5
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$link_actions'.
ERRORSecuritySQL query is not preparedUse placeholders and $wpdb->prepare(); found !==3
- Category
- Security
- Occurrences
- 3
- Severity
- error
Sample message
Use placeholders and $wpdb->prepare(); found !==
WARNINGMaintainabilityNon-prefixed hook nameHook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "the_content".3
- Category
- Maintainability
- Occurrences
- 3
- Severity
- warning
Sample message
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "the_content".
WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.2
- Category
- Security
- Occurrences
- 2
- Severity
- warning
Sample message
Processing form data without nonce verification.
WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_GET['search']2
- Category
- Security
- Occurrences
- 2
- Severity
- warning
Sample message
Detected usage of a non-sanitized input variable: $_GET['search']
Show 8 moreShow less
WARNINGSecurityRequest data is not unslashed2
- Category
- Security
- Occurrences
- 2
- Severity
- warning
Sample message
$_GET['search'] not unslashed before sanitization. Use wp_unslash() or similar
ERRORI18nMissing Translators Comment2
- Category
- I18n
- Occurrences
- 2
- Severity
- error
Sample message
A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.
WARNINGMaintainabilitySchema Change1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- warning
Sample message
Attempting a database schema change is discouraged.
WARNINGSecurityReplacements Wrong Number1
- Category
- Security
- Occurrences
- 1
- Severity
- warning
Sample message
Incorrect number of replacements passed to $wpdb->prepare(). Found 1 replacement parameters, expected 2.
WARNINGSecurityUnfinished Prepare1
- Category
- Security
- Occurrences
- 1
- Severity
- warning
Sample message
Replacement variables found, but no valid placeholders found in the query.
WARNINGSecuritywp redirect wp redirect1
- Category
- Security
- Occurrences
- 1
- Severity
- warning
Sample message
wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.
WARNINGSecurityInput is not validated1
- Category
- Security
- Occurrences
- 1
- Severity
- warning
Sample message
Detected usage of a possibly undefined superglobal array index: $_SERVER['REMOTE_ADDR']. Check that the array index exists before using it.
ERRORMaintainabilityfile system operations fclose1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().
External Connections
Not analyzed yet.
Score History
First score snapshot
v1.3.8
40
Latest
- Findings
- 204
- Errors
- 11
- Warnings
- 193
- Check
- 2.0.0
| Scan | Score | Findings | Errors | Warnings | Plugin | Check |
|---|---|---|---|---|---|---|
| Latest | 40 | 204 | 11 | 193 | v1.3.8 | 2.0.0 |
Relationship Map
Author, categories, issues, domains, and nearby plugins.
Relationship links
Author
Issue
Related
Author
Issue
Related
Related Plugins
7k+ active installs
2k+ active installs
2k+ active installs
3k+ active installs
1k+ active installs
30k+ active installs