In any online website, hackers and unscrupulous users will try and attack your website. Whether it is trying to attack your website by brute forcing …
Category Scores
Issues to Review
Prioritized issue groups from the latest Plugin Check scan
Security
417
11 issue groups
Maintainability
152
13 issue groups
I18n
12
1 issue group
ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"Database support is turned on in Securimage, but the chosen extension $pdo_extension is not loaded in PHP."'.82
- Category
- Security
- Occurrences
- 82
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"Database support is turned on in Securimage, but the chosen extension $pdo_extension is not loaded in PHP."'.
WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_GET['distortion']68
- Category
- Security
- Occurrences
- 68
- Severity
- warning
Sample message
Detected usage of a non-sanitized input variable: $_GET['distortion']
ERRORSecurityUnsafe printing functionAll output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.58
- Category
- Security
- Occurrences
- 58
- Severity
- error
Sample message
All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.
WARNINGSecurityRequest data is not unslashed$_GET['distortion'] not unslashed before sanitization. Use wp_unslash() or similar52
- Category
- Security
- Occurrences
- 52
- Severity
- warning
Sample message
$_GET['distortion'] not unslashed before sanitization. Use wp_unslash() or similar
WARNINGSecurityInput is not validatedDetected usage of a possibly undefined superglobal array index: $_GET['distortion']. Check that the array index exists before using it.51
- Category
- Security
- Occurrences
- 51
- Severity
- warning
Sample message
Detected usage of a possibly undefined superglobal array index: $_GET['distortion']. Check that the array index exists before using it.
ERRORMaintainabilityrand mt randmt_rand() is discouraged. Use the far less predictable wp_rand() instead.50
- Category
- Maintainability
- Occurrences
- 50
- Severity
- error
Sample message
mt_rand() is discouraged. Use the far less predictable wp_rand() instead.
WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.37
- Category
- Security
- Occurrences
- 37
- Severity
- warning
Sample message
Processing form data without nonce verification.
WARNINGMaintainabilityerror log trigger errortrigger_error() found. Debug code should not normally be used in production.25
- Category
- Maintainability
- Occurrences
- 25
- Severity
- warning
Sample message
trigger_error() found. Debug code should not normally be used in production.
WARNINGSecurityMissing nonce verificationProcessing form data without nonce verification.25
- Category
- Security
- Occurrences
- 25
- Severity
- warning
Sample message
Processing form data without nonce verification.
WARNINGSecurityInterpolated SQL is not preparedUse placeholders and $wpdb->prepare(); found interpolated variable $currTime at "DELETE FROM $table WHERE last_attempt < '$currTime'"15
- Category
- Security
- Occurrences
- 15
- Severity
- warning
Sample message
Use placeholders and $wpdb->prepare(); found interpolated variable $currTime at "DELETE FROM $table WHERE last_attempt < '$currTime'"
Show 15 moreShow less
ERRORSecurityException output is not escaped15
- Category
- Security
- Occurrences
- 15
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"Error generating audio captcha on letter '$letter': "'.
WARNINGMaintainabilityDirect Query12
- Category
- Maintainability
- Occurrences
- 12
- Severity
- warning
Sample message
Use of a direct database call is discouraged.
ERRORI18nMissing Arg Domain12
- Category
- I18n
- Occurrences
- 12
- Severity
- error
Sample message
Missing $domain parameter in function call to __().
WARNINGMaintainabilityNo Caching11
- Category
- Maintainability
- Occurrences
- 11
- Severity
- warning
Sample message
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
WARNINGSecurityDatabase parameter is not escaped10
- Category
- Security
- Occurrences
- 10
- Severity
- warning
Sample message
Unescaped parameter $table used in $wpdb->get_results()\n$table assigned unsafely at line 158.
ERRORMaintainabilityfile system operations fclose10
- Category
- Maintainability
- Occurrences
- 10
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().
ERRORMaintainabilityfile system operations fopen9
- Category
- Maintainability
- Occurrences
- 9
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen().
ERRORMaintainabilityMissing direct file access protection7
- Category
- Maintainability
- Occurrences
- 7
- Severity
- error
Sample message
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
ERRORMaintainabilitydate date6
- Category
- Maintainability
- Occurrences
- 6
- Severity
- error
Sample message
date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.
ERRORMaintainabilityfile system operations fread6
- Category
- Maintainability
- Occurrences
- 6
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fread().
ERRORMaintainabilityfile system operations fwrite5
- Category
- Maintainability
- Occurrences
- 5
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fwrite().
ERRORMaintainabilityBacktick operator found4
- Category
- Maintainability
- Occurrences
- 4
- Severity
- error
Sample message
Use of the backtick operator is forbidden
WARNINGSecurityInput is not validated or sanitized4
- Category
- Security
- Occurrences
- 4
- Severity
- warning
Sample message
Detected usage of a non-sanitized, non-validated input variable _SERVER: "<br /><br /><em>IP Address:</em> {$_SERVER['REMOTE_ADDR']}<br />"
ERRORMaintainabilityrand rand4
- Category
- Maintainability
- Occurrences
- 4
- Severity
- error
Sample message
rand() is discouraged. Use the far less predictable wp_rand() instead.
ERRORMaintainabilitymysql PDO3
- Category
- Maintainability
- Occurrences
- 3
- Severity
- error
Sample message
Accessing the database directly should be avoided. Please use the $wpdb object and associated functions instead. Found: \PDO.
External Connections
Not analyzed yet.
Score History
First score snapshot
v1.4.2
21
Latest
- Findings
- 623
- Errors
- 300
- Warnings
- 323
- Check
- 2.0.0
| Scan | Score | Findings | Errors | Warnings | Plugin | Check |
|---|---|---|---|---|---|---|
| Latest | 21 | 623 | 300 | 323 | v1.4.2 | 2.0.0 |
Related Plugins
10k+ active installs
10k+ active installs
4k+ active installs
3k+ active installs
300k+ active installs
200k+ active installs