Send Contact Form 7, WPForms, Elementor, Ninja Forms, WPforms, Elementor, Ninja Forms, Contact Form Entries Plugin and many other contact form submiss …
Category Scores
Issues to Review
Prioritized issue groups from the latest Plugin Check scan
I18n
543
3 issue groups
Maintainability
270
11 issue groups
Security
261
11 issue groups
ERRORI18nText Domain MismatchMismatched text domain. Expected 'cf7-hubspot' but got 'contact-form-entries'.486
- Category
- I18n
- Occurrences
- 486
- Severity
- error
Sample message
Mismatched text domain. Expected 'cf7-hubspot' but got 'contact-form-entries'.
WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$_log_id".154
- Category
- Maintainability
- Occurrences
- 154
- Severity
- warning
Sample message
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$_log_id".
ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"' $sel >"'.99
- Category
- Security
- Occurrences
- 99
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"' $sel >"'.
WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.50
- Category
- Security
- Occurrences
- 50
- Severity
- warning
Sample message
Processing form data without nonce verification.
ERRORI18nMissing Translators CommentA function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.36
- Category
- I18n
- Occurrences
- 36
- Severity
- error
Sample message
A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.
WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.31
- Category
- Maintainability
- Occurrences
- 31
- Severity
- warning
Sample message
Use of a direct database call is discouraged.
ERRORSecuritySQL query is not preparedUse placeholders and $wpdb->prepare(); found $id31
- Category
- Security
- Occurrences
- 31
- Severity
- error
Sample message
Use placeholders and $wpdb->prepare(); found $id
WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().29
- Category
- Maintainability
- Occurrences
- 29
- Severity
- warning
Sample message
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
WARNINGMaintainabilityNon-prefixed hook nameHook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "'add_page_html_'.$this->id".22
- Category
- Maintainability
- Occurrences
- 22
- Severity
- warning
Sample message
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "'add_page_html_'.$this->id".
ERRORI18nUnordered Placeholders TextMultiple placeholders in translatable strings should be ordered. Expected "%1$s, %2$s", but got "%s, %s" in 'Add Hubspot Tracking Code in wordpress footer or install the %s HubSpot All-In-One Marketing %s'.21
- Category
- I18n
- Occurrences
- 21
- Severity
- error
Sample message
Multiple placeholders in translatable strings should be ordered. Expected "%1$s, %2$s", but got "%s, %s" in 'Add Hubspot Tracking Code in wordpress footer or install the %s HubSpot All-In-One Marketing %s'.
Show 15 moreShow less
ERRORMaintainabilitydate date17
- Category
- Maintainability
- Occurrences
- 17
- Severity
- error
Sample message
date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.
ERRORSecurityDatabase parameter is not escaped16
- Category
- Security
- Occurrences
- 16
- Severity
- error
Sample message
Unescaped parameter $sql used in $wpdb->get_results()\n$sql assigned unsafely at line 107.
WARNINGSecurityRequest data is not unslashed16
- Category
- Security
- Occurrences
- 16
- Severity
- warning
Sample message
$_COOKIE['hubspotutk'] not unslashed before sanitization. Use wp_unslash() or similar
WARNINGSecurityInput is not sanitized15
- Category
- Security
- Occurrences
- 15
- Severity
- warning
Sample message
Detected usage of a non-sanitized input variable: $_COOKIE['hubspotutk']
WARNINGSecurityInterpolated SQL is not prepared8
- Category
- Security
- Occurrences
- 8
- Severity
- warning
Sample message
Use placeholders and $wpdb->prepare(); found interpolated variable $active_clause at "SELECT * FROM $table_name WHERE form_id=%s $active_clause ORDER BY sort"
WARNINGSecurityInput is not validated8
- Category
- Security
- Occurrences
- 8
- Severity
- warning
Sample message
Detected usage of a possibly undefined superglobal array index: $_REQUEST['entry_id']. Check that the array index exists before using it.
WARNINGSecurityDatabase parameter is not escaped7
- Category
- Security
- Occurrences
- 7
- Severity
- warning
Sample message
Unescaped parameter $table used in $wpdb->get_results()\n$table assigned unsafely at line 380.
WARNINGMaintainabilityerror log print r6
- Category
- Maintainability
- Occurrences
- 6
- Severity
- warning
Sample message
print_r() found. Debug code should not normally be used in production.
ERRORSecurityUnsafe printing function6
- Category
- Security
- Occurrences
- 6
- Severity
- error
Sample message
All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.
WARNINGSecurityMissing nonce verification5
- Category
- Security
- Occurrences
- 5
- Severity
- warning
Sample message
Processing form data without nonce verification.
WARNINGMaintainabilitySchema Change3
- Category
- Maintainability
- Occurrences
- 3
- Severity
- warning
Sample message
Attempting a database schema change is discouraged.
WARNINGMaintainabilityMissing Version3
- Category
- Maintainability
- Occurrences
- 3
- Severity
- warning
Sample message
Resource version not set in call to wp_register_style(). This means new versions of the style may not always be loaded due to browser caching.
WARNINGMaintainabilityNon-prefixed class2
- Category
- Maintainability
- Occurrences
- 2
- Severity
- warning
Sample message
Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "vx_crmperks_cf".
WARNINGMaintainabilitytrademarked term2
- Category
- Maintainability
- Occurrences
- 2
- Severity
- warning
Sample message
The plugin name includes a restricted term. Your chosen plugin name - "Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms" - contains the restricted term "wp" which cannot be used at all in your plugin name.
WARNINGMaintainabilityDynamic hook name1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- warning
Sample message
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "$this->id.'_show_manual_export_button'".
External Connections
Not analyzed yet.
Score History
First score snapshot
v1.4.5
27
Latest
- Findings
- 1,087
- Errors
- 720
- Warnings
- 367
- Check
- 2.0.0
| Scan | Score | Findings | Errors | Warnings | Plugin | Check |
|---|---|---|---|---|---|---|
| Latest | 27 | 1,087 | 720 | 367 | v1.4.5 | 2.0.0 |
Relationship Map
Author, categories, issues, domains, and nearby plugins.
Relationship links
Author
Category
Issue
Related
Author
Category
Issue
Related
Related Plugins
10k+ active installs
1k+ active installs
10k+ active installs
1k+ active installs
6k+ active installs
9k+ active installs