Contact Form Generator is a creative and powerful contact form builder! You will get ready-to-use forms in 5 minutes!
Category Scores
Issues to Review
Prioritized issue groups from the latest Plugin Check scan
| Category | Occurrences | Issue groups |
|---|---|---|
| Security | 1,475 | 12 |
| Maintainability | 1,101 | 11 |
| I18n | 2 | 1 |
| Performance | 2 | 1 |
Output is not escaped
- Category: Security
- Occurrences: 974
- Severity: error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"$border_bottom_width"'.
Non-prefixed global variable
- Category: Maintainability
- Occurrences: 920
- Severity: warning
Sample message
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$act".
Nonce verification recommended
- Category: Security
- Occurrences: 176
- Severity: warning
Sample message
Processing form data without nonce verification.
Missing nonce verification
- Category: Security
- Occurrences: 95
- Severity: warning
Sample message
Processing form data without nonce verification.
Request data is not unslashed
- Category: Security
- Occurrences: 92
- Severity: warning
Sample message
$_GET['act'] not unslashed before sanitization. Use wp_unslash() or similar
Direct Query
- Category: Maintainability
- Occurrences: 73
- Severity: warning
Sample message
Use of a direct database call is discouraged.
No Caching
- Category: Maintainability
- Occurrences: 73
- Severity: warning
Sample message
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
SQL query is not prepared
- Category: Security
- Occurrences: 57
- Severity: error
Sample message
Use placeholders and $wpdb->prepare(); found $forms_sql
Database parameter is not escaped
- Category: Security
- Occurrences: 33
- Severity: error
Sample message
Unescaped parameter $forms_sql used in $wpdb->get_results()
Input is not validated
- Category: Security
- Occurrences: 24
- Severity: warning
Sample message
Detected usage of a possibly undefined superglobal array index: $_POST['data']. Check that the array index exists before using it.
Input is not sanitized
- Category: Security
- Occurrences: 18
- Severity: warning
Sample message
Detected usage of a non-sanitized input variable: $_POST['data']
Not In Footer
- Category: Maintainability
- Occurrences: 12
- Severity: warning
Sample message
In footer ($in_footer) is not set explicitly wp_enqueue_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header.
Non-prefixed function
- Category: Maintainability
- Occurrences: 11
- Severity: warning
Sample message
Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "close_accordion".
strip tags strip tags
- Category: Maintainability
- Occurrences: 5
- Severity: error
Sample message
strip_tags() is discouraged. Use the more comprehensive wp_strip_all_tags() instead.
Interpolated SQL is not prepared
- Category: Security
- Occurrences: 2
- Severity: warning
Sample message
Use placeholders and $wpdb->prepare(); found interpolated variable $ids_placeholder at " WHERE `id` IN ($ids_placeholder)"
Unnecessary Prepare
- Category: Security
- Occurrences: 2
- Severity: warning
Sample message
It is not necessary to prepare a query which doesn't use variable replacement.
slow db query meta key
- Category: Maintainability
- Occurrences: 2
- Severity: warning
Sample message
Detected usage of meta_key, possible slow query.
slow db query meta value
- Category: Maintainability
- Occurrences: 2
- Severity: warning
Sample message
Detected usage of meta_value, possible slow query.
Missing Arg Domain
- Category: I18n
- Occurrences: 2
- Severity: error
Sample message
Missing $domain parameter in function call to esc_html__().
Post Not In exclude
- Category: Performance
- Occurrences: 2
- Severity: warning
Sample message
Using exclusionary parameters, like exclude, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information.
Setting is missing a sanitization callback
- Category: Security
- Occurrences: 1
- Severity: error
Sample message
Sanitization missing for register_setting().
Unfinished Prepare
- Category: Security
- Occurrences: 1
- Severity: warning
Sample message
Replacement variables found, but no valid placeholders found in the query.
date date
- Category: Maintainability
- Occurrences: 1
- Severity: error
Sample message
date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.
Non-prefixed class
- Category: Maintainability
- Occurrences: 1
- Severity: warning
Sample message
Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "contactformgenerator_widget".
prevent path disclosure error reporting
- Category: Maintainability
- Occurrences: 1
- Severity: warning
Sample message
error_reporting() can lead to full path disclosure.
External Connections
Potential connections found in static code analysis.
- Outbound calls: 58
- External assets: 0
- Incoming endpoints: 2
Notable Domains
Platform / Reference Domains
External Asset Domains
No external asset domains detected.
Incoming Endpoints
- Admin AJAX endpoints (wp_ajax): 1
Score History
First score snapshot
v2.9.1
27
Latest
- Findings: 2,586
- Errors: 1,076
- Warnings: 1,510
- Check: 2.0.0
| Scan | Score | Findings | Errors | Warnings | Plugin | Check |
|---|---|---|---|---|---|---|
| Latest | 27 | 2,586 | 1,076 | 1,510 | v2.9.1 | 2.0.0 |