BuddyPress for LearnDash

BuddyPress for LearnDash integrates the LearnDash LMS plugin with BuddyPress, so you can add groups, activity, members, and forums to your courses.

v1.3.0Syed BalkhiUpdated 6 years agoAdded 11 years ago1k+ installs66% rating

buddypress learndash learning learning management system lms

Score

190

Errors

284

Warnings

Change

Category Scores

Security0

Repo86

Performance97

Maintainability49

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

474 findings

Security

259

12 issue groups

Maintainability

149

10 issue groups

I18n

2 issue groups

Performance

1 issue group

ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$bp_learndash_course_activity'.98

Category: Security
Occurrences: 98
Severity: error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$bp_learndash_course_activity'.

WordPress.Security.EscapeOutput.OutputNotEscaped Reference

ERRORI18nMissing Translators CommentA function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.53

Category: I18n
Occurrences: 53
Severity: error

Sample message

A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

WordPress.WP.I18n.MissingTranslatorsComment Reference

WARNINGMaintainabilityNon-prefixed functionFunctions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "bp_learndash_activity_filter".51

Category: Maintainability
Occurrences: 51
Severity: warning

Sample message

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "bp_learndash_activity_filter".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedFunctionFound

WARNINGSecurityMissing nonce verificationProcessing form data without nonce verification.49

Category: Security
Occurrences: 49
Severity: warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Missing

WARNINGMaintainabilityNon-prefixed hook nameHook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "bp_core_template_plugin".38

Category: Maintainability
Occurrences: 38
Severity: warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "bp_core_template_plugin".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound

WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$Plugin_Requirements_Check".36

Category: Maintainability
Occurrences: 36
Severity: warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$Plugin_Requirements_Check".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound

WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_GET['post']35

Category: Security
Occurrences: 35
Severity: warning

Sample message

Detected usage of a non-sanitized input variable: $_GET['post']

WordPress.Security.ValidatedSanitizedInput.InputNotSanitized

WARNINGSecurityRequest data is not unslashed$_GET['post'] not unslashed before sanitization. Use wp_unslash() or similar34

Category: Security
Occurrences: 34
Severity: warning

Sample message

$_GET['post'] not unslashed before sanitization. Use wp_unslash() or similar

WordPress.Security.ValidatedSanitizedInput.MissingUnslash

ERRORSecurityUnsafe printing functionAll output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.17

Category: Security
Occurrences: 17
Severity: error

Sample message

All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.

WordPress.Security.EscapeOutput.UnsafePrintingFunction Reference

WARNINGSecurityInput is not validatedDetected usage of a possibly undefined superglobal array index: $_POST[$_POST[ 'post_type' ] . '_noncename']. Check that the array index exists before using it.7

Category: Security
Occurrences: 7
Severity: warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_POST[$_POST[ 'post_type' ] . '_noncename']. Check that the array index exists before using it.

WordPress.Security.ValidatedSanitizedInput.InputNotValidated

Show 15 more

WARNINGMaintainabilityDirect Query6

Category: Maintainability
Occurrences: 6
Severity: warning

Sample message

Use of a direct database call is discouraged.

WordPress.DB.DirectDatabaseQuery.DirectQuery

WARNINGMaintainabilityNo Caching6

Category: Maintainability
Occurrences: 6
Severity: warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

WordPress.DB.DirectDatabaseQuery.NoCaching

ERRORSecurityDatabase parameter is not escaped5

Category: Security
Occurrences: 5
Severity: error

Sample message

Unescaped parameter $group->name used in $wpdb->query()\n$group->name used without escaping.

PluginCheck.Security.DirectDB.UnescapedDBParameter

WARNINGSecurityNonce verification recommended5

Category: Security
Occurrences: 5
Severity: warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Recommended

ERRORSecuritySQL query is not prepared4

Category: Security
Occurrences: 4
Severity: error

Sample message

Use placeholders and $wpdb->prepare(); found $sql

WordPress.DB.PreparedSQL.NotPrepared

WARNINGMaintainabilityNon-prefixed class3

Category: Maintainability
Occurrences: 3
Severity: warning

Sample message

Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "GType_Course_Tab".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedClassFound

WARNINGMaintainabilitytrademarked term3

Category: Maintainability
Occurrences: 3
Severity: warning

Sample message

The plugin name includes a restricted term. Your chosen plugin name - "BuddyPress for LearnDash" - contains the restricted term "buddypress" and cannot be used to begin your plugin name. We disallow the use of certain terms in ways that are abused, or potentially infringe on and/or are misleading with regards to trademarks. You may use the term "buddypress" elsewhere in your plugin name, such as "... for buddypress".

trademarked_term

WARNINGSecurityInterpolated SQL is not prepared2

Category: Security
Occurrences: 2
Severity: warning

Sample message

Use placeholders and $wpdb->prepare(); found interpolated variable {$forum_id} at "UPDATE {$wpdb->posts} SET post_title = '{$group->name}' WHERE id = {$forum_id}"

WordPress.DB.PreparedSQL.InterpolatedNotPrepared

WARNINGSecuritywp redirect wp redirect2

Category: Security
Occurrences: 2
Severity: warning

Sample message

wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.

WordPress.Security.SafeRedirect.wp_redirect_wp_redirect Reference

ERRORMaintainabilityDiscouraged WordPress constant usage: STYLESHEETPATH2

Category: Maintainability
Occurrences: 2
Severity: error

Sample message

Found usage of constant "STYLESHEETPATH". Use get_stylesheet_directory() instead.

WordPress.WP.DiscouragedConstants.STYLESHEETPATHUsageFound

ERRORMaintainabilityDiscouraged WordPress constant usage: TEMPLATEPATH2

Category: Maintainability
Occurrences: 2
Severity: error

Sample message

Found usage of constant "TEMPLATEPATH". Use get_template_directory() instead.

WordPress.WP.DiscouragedConstants.TEMPLATEPATHUsageFound

ERRORI18nUnordered Placeholders Text2

Category: I18n
Occurrences: 2
Severity: error

Sample message

Multiple placeholders in translatable strings should be ordered. Expected "%1$s, %2$s", but got "%s, %s" in '%s out of %s steps completed'.

WordPress.WP.I18n.UnorderedPlaceholdersText Reference

WARNINGPerformancePost Not In exclude2

Category: Performance
Occurrences: 2
Severity: warning

Sample message

Using exclusionary parameters, like exclude, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information.

WordPressVIPMinimum.Performance.WPQueryParams.PostNotIn_exclude

ERRORMaintainabilitybadly named files2

Category: Maintainability
Occurrences: 2
Severity: error

Sample message

File and folder names must not contain spaces or special characters.

badly_named_files

ERRORSecuritySetting is missing a sanitization callback1

Category: Security
Occurrences: 1
Severity: error

Sample message

Sanitization missing for register_setting().

PluginCheck.CodeAnalysis.SettingSanitization.register_settingMissing Reference

External Connections

Not analyzed yet.

Score History

First score snapshot

4 days ago

v1.3.0

Latest

Findings: 474
Errors: 190
Warnings: 284
Check: 2.0.0

Scan	Score	Findings	Errors	Warnings	Plugin	Check
4 days agoLatest	32	474	190	284	v1.3.0	2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

29 nodes

Loading map

PluginAuthorCategoryIssueRelated

Relationship links

Issue

Related Plugins

Design Upgrade for LearnDash

7k+ active installs

PowerPack for LearnDash

1k+ active installs

LearnPress – Prerequisites Courses

6k+ active installs

BuddyPress Activity Shortcode

2k+ active installs

LearnPress – Course Wishlist

20k+ active installs

LifterLMS Labs

2k+ active installs