The best WordPress donation plugin. Create fundraising donation forms, accept recurring donations, easy donor management, add crowdfunding, and more.
Category Scores
Issues to Review
Prioritized issue groups from the latest Plugin Check scan
Maintainability
214
15 issue groups
Security
118
8 issue groups
I18n
16
1 issue group
Performance
3
1 issue group
WARNINGMaintainabilityerror log error logerror_log() found. Debug code should not normally be used in production.47
- Category
- Maintainability
- Occurrences
- 47
- Severity
- warning
Sample message
error_log() found. Debug code should not normally be used in production.
WARNINGSecurityRecommendedProcessing form data without nonce verification.35
- Category
- Security
- Occurrences
- 35
- Severity
- warning
Sample message
Processing form data without nonce verification.
WARNINGSecurityMissing Unslash$_GET['_wpnonce'] not unslashed before sanitization. Use wp_unslash() or similar30
- Category
- Security
- Occurrences
- 30
- Severity
- warning
Sample message
$_GET['_wpnonce'] not unslashed before sanitization. Use wp_unslash() or similar
WARNINGMaintainabilityNot In FooterIn footer ($in_footer) is not set explicitly wp_enqueue_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header.27
- Category
- Maintainability
- Occurrences
- 27
- Severity
- warning
Sample message
In footer ($in_footer) is not set explicitly wp_enqueue_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header.
WARNINGMaintainabilityNon Prefixed Variable FoundGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$base_url".23
- Category
- Maintainability
- Occurrences
- 23
- Severity
- warning
Sample message
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$base_url".
ERRORMaintainabilitymissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;22
- Category
- Maintainability
- Occurrences
- 22
- Severity
- error
Sample message
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
ERRORMaintainabilitywp function not compatible with requires wpFunction "get_block_wrapper_attributes()" requires WordPress 5.6.0, but your plugin minimum supported version is WordPress 5.0.0.18
- Category
- Maintainability
- Occurrences
- 18
- Severity
- error
Sample message
Function "get_block_wrapper_attributes()" requires WordPress 5.6.0, but your plugin minimum supported version is WordPress 5.0.0.
WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.17
- Category
- Maintainability
- Occurrences
- 17
- Severity
- warning
Sample message
Use of a direct database call is discouraged.
WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().17
- Category
- Maintainability
- Occurrences
- 17
- Severity
- warning
Sample message
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
ERRORSecurityOutput Not EscapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$css'.16
- Category
- Security
- Occurrences
- 16
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$css'.
Show 15 moreShow less
ERRORI18nMissing Translators Comment16
- Category
- I18n
- Occurrences
- 16
- Severity
- error
Sample message
A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.
WARNINGSecurityInput Not Sanitized13
- Category
- Security
- Occurrences
- 13
- Severity
- warning
Sample message
Detected usage of a non-sanitized input variable: $_GET['_wpnonce']
WARNINGMaintainabilityslow db query meta key10
- Category
- Maintainability
- Occurrences
- 10
- Severity
- warning
Sample message
Detected usage of meta_key, possible slow query.
WARNINGMaintainabilityslow db query meta value9
- Category
- Maintainability
- Occurrences
- 9
- Severity
- warning
Sample message
Detected usage of meta_value, possible slow query.
WARNINGSecurityInterpolated Not Prepared8
- Category
- Security
- Occurrences
- 8
- Severity
- warning
Sample message
Use placeholders and $wpdb->prepare(); found interpolated variable {$campaigns_table} at "SELECT COUNT(*) FROM {$campaigns_table} WHERE %d = %d"
WARNINGMaintainabilityslow db query meta query8
- Category
- Maintainability
- Occurrences
- 8
- Severity
- warning
Sample message
Detected usage of meta_query, possible slow query.
ERRORSecurityException Not Escaped8
- Category
- Security
- Occurrences
- 8
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$file'.
ERRORMaintainabilityfile system operations fclose6
- Category
- Maintainability
- Occurrences
- 6
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().
WARNINGSecurityUnescaped DBParameter5
- Category
- Security
- Occurrences
- 5
- Severity
- warning
Sample message
Unescaped parameter $campaigns_table used in $wpdb->get_var()\n$campaigns_table assigned unsafely at line 401.
ERRORMaintainabilitydate date3
- Category
- Maintainability
- Occurrences
- 3
- Severity
- error
Sample message
date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.
WARNINGSecurityInput Not Validated3
- Category
- Security
- Occurrences
- 3
- Severity
- warning
Sample message
Detected usage of a possibly undefined superglobal array index: $_POST['nonce']. Check that the array index exists before using it.
ERRORMaintainabilityfile system operations fopen3
- Category
- Maintainability
- Occurrences
- 3
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen().
WARNINGPerformancePost Not In exclude3
- Category
- Performance
- Occurrences
- 3
- Severity
- warning
Sample message
Using exclusionary parameters, like exclude, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information.
ERRORMaintainabilityPlugin Directory Write2
- Category
- Maintainability
- Occurrences
- 2
- Severity
- error
Sample message
Plugin folders are deleted when upgraded. Do not save data to the plugin folder using unzip_file(). Detected usage of constant WP_PLUGIN_DIR. Use wp_upload_dir() to get the uploads directory path or save to the database instead.
WARNINGMaintainabilityerror log set error handler2
- Category
- Maintainability
- Occurrences
- 2
- Severity
- warning
Sample message
set_error_handler() found. Debug code should not normally be used in production.
Score History
First score snapshot
v1.8.11.2
26
Latest
- Findings
- 367
- Errors
- 97
- Warnings
- 270
- Check
- 2.0.0
| Scan | Score | Findings | Errors | Warnings | Plugin | Check |
|---|---|---|---|---|---|---|
| Latest | 26 | 367 | 97 | 270 | v1.8.11.2 | 2.0.0 |
Related Plugins
2k+ active installs
3k+ active installs
8k+ active installs
4k+ active installs
1k+ active installs
20k+ active installs