CheckView – Form & Checkout Testing

CheckView automates WordPress form and WooCommerce testing, monitoring key flows to catch failures early before they cost you leads or sales everyday.

v2.2.1CheckViewUpdated 6 days agoAdded 2 years ago1k+ installs100% rating

form monitoring form testing site monitoring woocommerce testing wordpress testing

Score

Errors

337

Warnings

Change

Category Scores

Security0

Repo91

Performance98

Maintainability8

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

403 findings

Maintainability

281

16 issue groups

Security

8 issue groups

I18n

1 issue group

WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.84

Category: Maintainability
Occurrences: 84
Severity: warning

Sample message

Use of a direct database call is discouraged.

WordPress.DB.DirectDatabaseQuery.DirectQuery

WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().50

Category: Maintainability
Occurrences: 50
Severity: warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

WordPress.DB.DirectDatabaseQuery.NoCaching

WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.27

Category: Security
Occurrences: 27
Severity: warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Recommended

WARNINGMaintainabilityslow db query meta keyDetected usage of meta_key, possible slow query.23

Category: Maintainability
Occurrences: 23
Severity: warning

Sample message

Detected usage of meta_key, possible slow query.

WordPress.DB.SlowDBQuery.slow_db_query_meta_key

WARNINGMaintainabilityslow db query meta valueDetected usage of meta_value, possible slow query.23

Category: Maintainability
Occurrences: 23
Severity: warning

Sample message

Detected usage of meta_value, possible slow query.

WordPress.DB.SlowDBQuery.slow_db_query_meta_value

WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$allow_dev".23

Category: Maintainability
Occurrences: 23
Severity: warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$allow_dev".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound

ERRORSecuritySQL query is not preparedUse placeholders and $wpdb->prepare(); found $query18

Category: Security
Occurrences: 18
Severity: error

Sample message

Use placeholders and $wpdb->prepare(); found $query

WordPress.DB.PreparedSQL.NotPrepared

WARNINGMaintainabilityupgrade notice limitThe upgrade notice for "1.1.15" exceeds the limit of 300 characters.17

Category: Maintainability
Occurrences: 17
Severity: warning

Sample message

The upgrade notice for "1.1.15" exceeds the limit of 300 characters.

upgrade_notice_limit

ERRORSecurityDatabase parameter is not escapedUnescaped parameter $query used in $wpdb->get_results()\n$query assigned unsafely at line 2047.16

Category: Security
Occurrences: 16
Severity: error

Sample message

Unescaped parameter $query used in $wpdb->get_results()\n$query assigned unsafely at line 2047.

PluginCheck.Security.DirectDB.UnescapedDBParameter

WARNINGMaintainabilityerror log error logerror_log() found. Debug code should not normally be used in production.15

Category: Maintainability
Occurrences: 15
Severity: warning

Sample message

error_log() found. Debug code should not normally be used in production.

WordPress.PHP.DevelopmentFunctions.error_log_error_log

Show 15 more

WARNINGMaintainabilityNon-prefixed function11

Category: Maintainability
Occurrences: 11
Severity: warning

Sample message

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "activate_checkview".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedFunctionFound

WARNINGMaintainabilitySchema Change8

Category: Maintainability
Occurrences: 8
Severity: warning

Sample message

Attempting a database schema change is discouraged.

WordPress.DB.DirectDatabaseQuery.SchemaChange

WARNINGSecurityInterpolated SQL is not prepared8

Category: Security
Occurrences: 8
Severity: warning

Sample message

Use placeholders and $wpdb->prepare(); found interpolated variable $cv_used_nonces at "SELECT COUNT(*) FROM $cv_used_nonces WHERE nonce = %s"

WordPress.DB.PreparedSQL.InterpolatedNotPrepared

WARNINGMaintainabilityNon-prefixed constant8

Category: Maintainability
Occurrences: 8
Severity: warning

Sample message

Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "CV_DISABLE_EMAIL_RECEIPT".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedConstantFound

WARNINGSecurityInput is not sanitized8

Category: Security
Occurrences: 8
Severity: warning

Sample message

Detected usage of a non-sanitized input variable: $_POST['formData']

WordPress.Security.ValidatedSanitizedInput.InputNotSanitized

ERRORI18nNon Singular String Literal Text7

Category: I18n
Occurrences: 7
Severity: error

Sample message

The $text parameter must be a single text string literal. Found: 'Error fetching whitelisted IPs: ' . $response->get_error_message()

WordPress.WP.I18n.NonSingularStringLiteralText Reference

WARNINGSecurityDatabase parameter is not escaped6

Category: Security
Occurrences: 6
Severity: warning

Sample message

Unescaped parameter $cv_used_nonces used in $wpdb->get_var()

PluginCheck.Security.DirectDB.UnescapedDBParameter

WARNINGSecurityMissing nonce verification6

Category: Security
Occurrences: 6
Severity: warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Missing

WARNINGSecurityRequest data is not unslashed6

Category: Security
Occurrences: 6
Severity: warning

Sample message

$_SERVER['HTTP_CF_CONNECTING_IP'] not unslashed before sanitization. Use wp_unslash() or similar

WordPress.Security.ValidatedSanitizedInput.MissingUnslash

WARNINGMaintainabilityerror log print r4

Category: Maintainability
Occurrences: 4
Severity: warning

Sample message

print_r() found. Debug code should not normally be used in production.

WordPress.PHP.DevelopmentFunctions.error_log_print_r

ERRORMaintainabilityfile system operations fclose4

Category: Maintainability
Occurrences: 4
Severity: error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().

WordPress.WP.AlternativeFunctions.file_system_operations_fclose

ERRORMaintainabilitywp function not compatible with requires wp4

Category: Maintainability
Occurrences: 4
Severity: error

Sample message

Function "array_find()" requires WordPress 6.8.0, but your plugin minimum supported version is WordPress 5.0.1.

wp_function_not_compatible_with_requires_wp Reference

ERRORMaintainabilityfile system operations fopen3

Category: Maintainability
Occurrences: 3
Severity: error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen().

WordPress.WP.AlternativeFunctions.file_system_operations_fopen

ERRORMaintainabilityOffloaded Content2

Category: Maintainability
Occurrences: 2
Severity: error

Sample message

Found call to wp_enqueue_script() with external resource. Offloading scripts to your servers or any remote service is disallowed.

PluginCheck.CodeAnalysis.EnqueuedResourceOffloading.OffloadedContent

WARNINGMaintainabilityprevent path disclosure error reporting2

Category: Maintainability
Occurrences: 2
Severity: warning

Sample message

error_reporting() can lead to full path disclosure.

WordPress.PHP.DevelopmentFunctions.prevent_path_disclosure_error_reporting

External Connections

Potential connections found in static code analysis.

21 domains

Outbound calls

External assets

Incoming endpoints

Notable Domains

checkview.io5 · outbound

api.cleantalk.org3 · outbound

app.checkview.io3 · outbound

php.net3 · outbound

php-fig.org2 · outbound

tools.ietf.org2 · outbound

Platform / Reference Domains

github.com10 · platform/reference

opensource.org2 · platform/reference

gnu.org1 · platform/reference

External Asset Domains

cdn.jsdelivr.net4 · asset + outbound

fonts.googleapis.com1 · asset

Incoming Endpoints

/wp-json/checkview/v1/checkview-statusREST

register_rest_route

/wp-json/checkview/v1/deletetestuserREST

register_rest_route

/wp-json/checkview/v1/forms/deleteformstestREST

register_rest_route

/wp-json/checkview/v1/forms/formslistREST

register_rest_route

/wp-json/checkview/v1/forms/formstestresultsREST

register_rest_route

/wp-json/checkview/v1/forms/registerformtestREST

register_rest_route

Admin AJAX endpoints4

admin_post_checkview_admin_advance_settingsauthenticated

admin_post

admin_post_checkview_admin_logs_settingsauthenticated

admin_post

wp_ajax_checkview_get_statusauthenticated

wp_ajax

wp_ajax_checkview_update_cacheauthenticated

wp_ajax

Score History

First score snapshot

yesterday

v2.2.1

Latest

Findings: 403
Errors: 66
Warnings: 337
Check: 2.0.0

Scan	Score	Findings	Errors	Warnings	Plugin	Check
yesterdayLatest	25	403	66	337	v2.2.1	2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

30 nodes

Loading map

PluginAuthorCategoryIssueDomainRelated

Relationship links

Issue

Domain

checkview.io5 signals api.cleantalk.org3 signals app.checkview.io3 signals php.net3 signals php-fig.org2 signals tools.ietf.org2 signals verify.checkview.io2 signals datatracker.ietf.org1 signal