PluginScore

CLUEVO LMS, E-Learning Platform

Transforms your WordPress into a powerful Learning Management System. Organize video tutorials, podcasts and interactive SCORM courses with quizzes an …

v1.13.3CLUEVOUpdated Added 400 installs100% rating0% support resolved
e-learninglmspdfquizscorm
23
Score
1,843
Errors
1,176
Warnings
+0
Change

Category Scores

Security0
Repo88
Performance100
Maintainability0

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

3,019 findings

I18n

1,335

5 issue groups

Maintainability

911

10 issue groups

Security

713

10 issue groups

ERRORI18nText Domain MismatchMismatched text domain. Expected 'cluevo-lms' but got "cluevo".1,186
Category
I18n
Occurrences
1,186
Severity
error

Sample message

Mismatched text domain. Expected 'cluevo-lms' but got "cluevo".

WordPress.WP.I18n.TextDomainMismatchReference
WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.267
Category
Maintainability
Occurrences
267
Severity
warning

Sample message

Use of a direct database call is discouraged.

WordPress.DB.DirectDatabaseQuery.DirectQuery
WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().266
Category
Maintainability
Occurrences
266
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

WordPress.DB.DirectDatabaseQuery.NoCaching
ERRORSecuritySQL query is not preparedUse placeholders and $wpdb->prepare(); found $modSql221
Category
Security
Occurrences
221
Severity
error

Sample message

Use placeholders and $wpdb->prepare(); found $modSql

WordPress.DB.PreparedSQL.NotPrepared
WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$a".201
Category
Maintainability
Occurrences
201
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$a".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound
WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.151
Category
Security
Occurrences
151
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Recommended
ERRORMaintainabilityMissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;86
Category
Maintainability
Occurrences
86
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

missing_direct_file_access_protectionReference
ERRORI18nMissing Translators CommentA function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.78
Category
I18n
Occurrences
78
Severity
error

Sample message

A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

WordPress.WP.I18n.MissingTranslatorsCommentReference
ERRORSecurityDatabase parameter is not escapedUnescaped parameter $sql used in $wpdb->get_results()74
Category
Security
Occurrences
74
Severity
error

Sample message

Unescaped parameter $sql used in $wpdb->get_results()

PluginCheck.Security.DirectDB.UnescapedDBParameter
WARNINGSecurityRequest data is not unslashed$_COOKIE["cluevo-content-list-style"] not unslashed before sanitization. Use wp_unslash() or similar62
Category
Security
Occurrences
62
Severity
warning

Sample message

$_COOKIE["cluevo-content-list-style"] not unslashed before sanitization. Use wp_unslash() or similar

WordPress.Security.ValidatedSanitizedInput.MissingUnslash
Show 15 more
WARNINGSecurityInterpolated SQL is not prepared56
Category
Security
Occurrences
56
Severity
warning

Sample message

Use placeholders and $wpdb->prepare(); found interpolated variable $depTable at "DELETE FROM $depTable WHERE item_id = %d"

WordPress.DB.PreparedSQL.InterpolatedNotPrepared
WARNINGSecurityInput is not sanitized50
Category
Security
Occurrences
50
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_GET['nonce']

WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
WARNINGSecurityMissing nonce verification30
Category
Security
Occurrences
30
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Missing
WARNINGSecurityInput is not validated28
Category
Security
Occurrences
28
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_FILES['module-file']['tmp_name']. Check that the array index exists before using it.

WordPress.Security.ValidatedSanitizedInput.InputNotValidated
ERRORI18nMissing Arg Domain25
Category
I18n
Occurrences
25
Severity
error

Sample message

Missing $domain parameter in function call to __().

WordPress.WP.I18n.MissingArgDomainReference
ERRORI18nNon Singular String Literal Text25
Category
I18n
Occurrences
25
Severity
error

Sample message

The $text parameter must be a single text string literal. Found: $checked

WordPress.WP.I18n.NonSingularStringLiteralTextReference
ERRORSecurityOutput is not escaped21
Category
Security
Occurrences
21
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"var itemId = $item->item_id;\n"'.

WordPress.Security.EscapeOutput.OutputNotEscapedReference
ERRORI18nUnordered Placeholders Text21
Category
I18n
Occurrences
21
Severity
error

Sample message

Multiple placeholders in translatable strings should be ordered. Expected "%1$s, %2$s", but got "%s, %s" in '%s modules (%s unique)'.

WordPress.WP.I18n.UnorderedPlaceholdersTextReference
WARNINGSecurityDatabase parameter is not escaped20
Category
Security
Occurrences
20
Severity
warning

Sample message

Unescaped parameter $optTable used in $wpdb->get_results()\n$optTable assigned unsafely at line 7.

PluginCheck.Security.DirectDB.UnescapedDBParameter
WARNINGMaintainabilitySchema Change20
Category
Maintainability
Occurrences
20
Severity
warning

Sample message

Attempting a database schema change is discouraged.

WordPress.DB.DirectDatabaseQuery.SchemaChange
ERRORMaintainabilitywp function not compatible with requires wp18
Category
Maintainability
Occurrences
18
Severity
error

Sample message

Function "get_dirsize()" requires WordPress 5.2.0, but your plugin minimum supported version is WordPress 4.6.0.

wp_function_not_compatible_with_requires_wpReference
ERRORMaintainabilityfile system operations mkdir15
Category
Maintainability
Occurrences
15
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: mkdir().

WordPress.WP.AlternativeFunctions.file_system_operations_mkdir
ERRORMaintainabilityunlink unlink15
Category
Maintainability
Occurrences
15
Severity
error

Sample message

unlink() is discouraged. Use wp_delete_file() to delete a file.

WordPress.WP.AlternativeFunctions.unlink_unlink
ERRORMaintainabilityNot Allowed12
Category
Maintainability
Occurrences
12
Severity
error

Sample message

Use of heredoc syntax (<<<) is not allowed; use standard strings or inline HTML instead

PluginCheck.CodeAnalysis.Heredoc.NotAllowed
ERRORMaintainabilityrename rename11
Category
Maintainability
Occurrences
11
Severity
error

Sample message

rename() is discouraged. Use WP_Filesystem::move() to rename a file.

WordPress.WP.AlternativeFunctions.rename_rename

External Connections

Potential connections found in static code analysis.

22 domains

Outbound calls

54

External assets

0

Incoming endpoints

15

Notable Domains

wp-lms.cluevo.at7 · outbound
vuejs.org5 · outbound
cdn.jsdelivr.net2 · outbound
fontawesome.com2 · outbound
html.spec.whatwg.org2 · outbound
adlnet.gov1 · outbound

Platform / Reference Domains

w3.org12 · platform/reference
github.com8 · platform/reference
gnu.org2 · platform/reference
opensource.org1 · platform/reference

External Asset Domains

No external asset domains detected.

Incoming Endpoints

No public endpoints detected.

Admin AJAX endpoints15
admin_post_cluevo-create-metadata-pageauthenticated

admin_post

admin_post_cluevo-delete-moduleauthenticated

admin_post

admin_post_cluevo-delete-module-zipauthenticated

admin_post

admin_post_cluevo-delete-zipauthenticated

admin_post

admin_post_cluevo-run-db-upgradeauthenticated

admin_post

admin_post_cluevo-save-settingsauthenticated

admin_post

admin_post_cluevo-save-treeauthenticated

admin_post

admin_post_cluevo-zip-moduleauthenticated

admin_post

wp_ajax_cluevo-delete-pending-moduleauthenticated

wp_ajax

wp_ajax_cluevo-dismiss-noticeauthenticated

wp_ajax

wp_ajax_cluevo-get-progress-entryauthenticated

wp_ajax

wp_ajax_cluevo-install-pending-moduleauthenticated

wp_ajax

3 more hidden

Score History

First score snapshot

v1.13.3

23

Latest

Findings
3,019
Errors
1,843
Warnings
1,176
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

37 nodes

Related Plugins

PDF Embed Block – Embed PDF Files in Posts or Pages

4k+ active installs

100
PDF Poster – Display PDF Files with Custom Viewer

20k+ active installs

100
Quiz Builder for WooCommerce – Product Recommendations

2k+ active installs

99
FluentCommunity – Ultra-Fast High-Performance Social Network, Community, LMS & Online Courses

8k+ active installs

98
Gravity Forms Personality Quiz Add-On

500 active installs

98
Simplebooklet PDF Viewer and Embedder

700 active installs

98