Add albums, photo, audio/video upload, privacy, sharing, front-end uploads & more. All this works on mobile/tablets devices.
Category Scores
Top Issues by Category
maintainability863
security108
Issues Details
996 issues found in latest scan
Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "BP_MEDIA_PATH".
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$JPEG_Segment_Names".
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "add_extra_sub_nav".
Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "add_music_cover_art".
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().
Unescaped parameter $activity_sql used in $wpdb->get_results()\n$activity_sql assigned unsafely at line 113.
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen().
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$algorithm'.
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fwrite().
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fread().
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"[$k]=>\""'.
Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "AMFReader".
Accessing the database directly should be avoided. Please use the $wpdb object and associated functions instead. Found: mysql_real_escape_string.
Function "get_sites()" requires WordPress 4.6.0, but your plugin minimum supported version is WordPress 4.1.0.
Detected usage of meta_key, possible slow query.
Accessing the database directly should be avoided. Please use the $wpdb object and associated functions instead. Found: mysql_query.
Detected usage of meta_value, possible slow query.
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: touch().
The plugin name includes a restricted term. Your chosen plugin name - "rtMedia for WordPress, BuddyPress and bbPress" - contains the restricted term "wordpress" which cannot be used at all in your plugin name.
The use of function set_time_limit() is discouraged
Accessing the database directly should be avoided. Please use the $wpdb object and associated functions instead. Found: mysql_fetch_array.
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: is_writable().
| Code | Type | Message | Count |
|---|---|---|---|
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedConstantFound | WARNING | Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "BP_MEDIA_PATH". | 206 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound | WARNING | Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$JPEG_Segment_Names". | 156 |
| missing_direct_file_access_protection | ERROR | PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit; | 94 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound | WARNING | Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "add_extra_sub_nav". | 90 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedFunctionFound | WARNING | Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "add_music_cover_art". | 89 |
| WordPress.WP.AlternativeFunctions.file_system_operations_fclose | ERROR | File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose(). | 56 |
| PluginCheck.Security.DirectDB.UnescapedDBParameter | WARNING | Unescaped parameter $activity_sql used in $wpdb->get_results()\n$activity_sql assigned unsafely at line 113. | 44 |
| WordPress.WP.AlternativeFunctions.file_system_operations_fopen | ERROR | File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen(). | 32 |
| WordPress.Security.EscapeOutput.ExceptionNotEscaped | ERROR | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$algorithm'. | 31 |
| WordPress.WP.AlternativeFunctions.file_system_operations_fwrite | ERROR | File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fwrite(). | 29 |
| Generic.PHP.BacktickOperator.Found | ERROR | Use of the backtick operator is forbidden | 24 |
| WordPress.WP.AlternativeFunctions.file_system_operations_fread | ERROR | File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fread(). | 23 |
| WordPress.Security.EscapeOutput.OutputNotEscaped | ERROR | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"[$k]=>\""'. | 18 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedClassFound | WARNING | Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "AMFReader". | 17 |
| WordPress.DB.RestrictedFunctions.mysql_mysql_real_escape_string | ERROR | Accessing the database directly should be avoided. Please use the $wpdb object and associated functions instead. Found: mysql_real_escape_string. | 15 |
| wp_function_not_compatible_with_requires_wp | ERROR | Function "get_sites()" requires WordPress 4.6.0, but your plugin minimum supported version is WordPress 4.1.0. | 13 |
| WordPress.DB.SlowDBQuery.slow_db_query_meta_key | WARNING | Detected usage of meta_key, possible slow query. | 8 |
| WordPress.DB.RestrictedFunctions.mysql_mysql_query | ERROR | Accessing the database directly should be avoided. Please use the $wpdb object and associated functions instead. Found: mysql_query. | 6 |
| WordPress.DB.SlowDBQuery.slow_db_query_meta_value | WARNING | Detected usage of meta_value, possible slow query. | 4 |
| library_core_files | ERROR | Library files that are already in the WordPress core are not permitted. | 4 |
| WordPress.WP.AlternativeFunctions.file_system_operations_touch | ERROR | File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: touch(). | 3 |
| trademarked_term | WARNING | The plugin name includes a restricted term. Your chosen plugin name - "rtMedia for WordPress, BuddyPress and bbPress" - contains the restricted term "wordpress" which cannot be used at all in your plugin name. | 3 |
| Squiz.PHP.DiscouragedFunctions.Discouraged | WARNING | The use of function set_time_limit() is discouraged | 2 |
| WordPress.DB.RestrictedFunctions.mysql_mysql_fetch_array | ERROR | Accessing the database directly should be avoided. Please use the $wpdb object and associated functions instead. Found: mysql_fetch_array. | 2 |
| WordPress.WP.AlternativeFunctions.file_system_operations_is_writable | ERROR | File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: is_writable(). | 2 |
Latest Snapshot
Findings
996
Errors
363
Warnings
633
Score History
First score snapshot
First scan completed Jun 20, 2026
v4.7.10 · Plugin Check 2.0.0 · Model 2026.06-mvp-static-v2
Jun 20, 2026
v4.7.10
21
Latest
- Findings
- 996
- Errors
- 363
- Warnings
- 633
- Plugin Check
- 2.0.0
- Model
- 2026.06-mvp-static-v2
| Scan | Score | Findings | Errors | Warnings | Plugin | Plugin Check | Model |
|---|---|---|---|---|---|---|---|
| Jun 20, 2026Latest | 21 | 996 | 363 | 633 | v4.7.10 | 2.0.0 | 2026.06-mvp-static-v2 |
