Compliance by Hu-manity.co

Intentional Consent for WordPress — GDPR, CCPA, CPRA & ePrivacy compliance with consent records, autoblocking, Google Consent Mode v2 & GPC support.

v3.1.2HumanitycoUpdated Added 900k+ installs96% rating0% support resolved
31
Score
153
Errors
335
Warnings
+0
Change

Category Scores

Security0
Repo91
Performance98
Maintainability40

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

488 findings

Security

265

6 issue groups

Maintainability

119

14 issue groups

I18n

100

5 issue groups

WARNINGSecurityMissing nonce verificationProcessing form data without nonce verification.97
Category
Security
Occurrences
97
Severity
warning

Sample message

Processing form data without nonce verification.

WARNINGMaintainabilityNon-prefixed hook nameHook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "breeze_clear_all_cache".61
Category
Maintainability
Occurrences
61
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "breeze_clear_all_cache".

WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.56
Category
Security
Occurrences
56
Severity
warning

Sample message

Processing form data without nonce verification.

ERRORI18nMissing Translators CommentA function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.53
Category
I18n
Occurrences
53
Severity
error

Sample message

A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

WARNINGSecurityRequest data is not unslashed$_COOKIE['hu-consent'] not unslashed before sanitization. Use wp_unslash() or similar50
Category
Security
Occurrences
50
Severity
warning

Sample message

$_COOKIE['hu-consent'] not unslashed before sanitization. Use wp_unslash() or similar

WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_COOKIE['hu-consent']29
Category
Security
Occurrences
29
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_COOKIE['hu-consent']

ERRORI18nUnordered Placeholders TextMultiple placeholders in translatable strings should be ordered. Expected "%1$s, %2$s", but got "%s, %s" in '%s1 additional%s language'.29
Category
I18n
Occurrences
29
Severity
error

Sample message

Multiple placeholders in translatable strings should be ordered. Expected "%1$s, %2$s", but got "%s, %s" in '%s1 additional%s language'.

ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$confirm_msg'.28
Category
Security
Occurrences
28
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$confirm_msg'.

ERRORI18nMissing Arg DomainMissing $domain parameter in function call to __().16
Category
I18n
Occurrences
16
Severity
error

Sample message

Missing $domain parameter in function call to __().

WARNINGMaintainabilityerror log error logerror_log() found. Debug code should not normally be used in production.9
Category
Maintainability
Occurrences
9
Severity
warning

Sample message

error_log() found. Debug code should not normally be used in production.

Show 15 more
ERRORMaintainabilitydate date8
Category
Maintainability
Occurrences
8
Severity
error

Sample message

date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.

WARNINGMaintainabilityNot In Footer8
Category
Maintainability
Occurrences
8
Severity
warning

Sample message

In footer ($in_footer) is not set explicitly wp_enqueue_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header.

WARNINGMaintainabilityNon-prefixed function6
Category
Maintainability
Occurrences
6
Severity
warning

Sample message

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "cn_cookies_accepted".

ERRORMaintainabilityNon Enqueued Script6
Category
Maintainability
Occurrences
6
Severity
error

Sample message

Scripts must be registered/enqueued via wp_enqueue_script()

WARNINGSecurityInput is not validated5
Category
Security
Occurrences
5
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_POST['nonce']. Check that the array index exists before using it.

ERRORMaintainabilityDeprecated parameter: add_option parameter 35
Category
Maintainability
Occurrences
5
Severity
error

Sample message

The parameter "null" at position #3 of add_option() has been deprecated since WordPress version 2.3.0. Use "" instead.

WARNINGMaintainabilityDirect Query3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

Use of a direct database call is discouraged.

WARNINGMaintainabilityNo Caching3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

WARNINGMaintainabilityMissing Version3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

Resource version not set in call to wp_enqueue_script(). This means new versions of the script may not always be loaded due to browser caching.

ERRORMaintainabilitywp function not compatible with requires wp3
Category
Maintainability
Occurrences
3
Severity
error

Sample message

Function "is_login()" requires WordPress 6.1.0, but your plugin minimum supported version is WordPress 4.9.6.

ERRORMaintainabilityparse url parse url2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

parse_url() is discouraged because of inconsistency in the output across PHP versions; use wp_parse_url() instead.

WARNINGMaintainabilityMixed line endings1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

File has mixed line endings; this may cause incorrect results

WARNINGI18nDiscouraged text-domain loading1
Category
I18n
Occurrences
1
Severity
warning

Sample message

load_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed.

WARNINGMaintainabilityerror log var export1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

var_export() found. Debug code should not normally be used in production.

ERRORI18nMissing Singular Placeholder1
Category
I18n
Occurrences
1
Severity
error

Sample message

Missing singular placeholder, needed for some languages. See https://codex.wordpress.org/I18n_for_WordPress_Developers#Plurals

External Connections

Potential connections found in static code analysis.

21 domains

Outbound calls

67

External assets

6

Incoming endpoints

33

Notable Domains

cookie-compliance.co14 · outbound
hu-manity.co6 · outbound
app.hu-manity.co4 · outbound
humaan.com4 · outbound
cdn.example.com3 · outbound
api.instagram.com2 · outbound

Platform / Reference Domains

w3.org15 · platform/reference
github.com4 · platform/reference
wordpress.org2 · platform/reference
opensource.org1 · platform/reference

External Asset Domains

js.braintreegateway.com5 · asset + outbound

Incoming Endpoints

/wp-json/cookie-notice/v1/purgeREST

register_rest_route

Admin AJAX endpoints32
admin_post_cookie_notice_wpca_disableauthenticated

admin_post

admin_post_cookie_notice_wpca_dismissauthenticated

admin_post

wp_ajax_cn_api_requestauthenticated

wp_ajax

wp_ajax_cn_dismiss_noticeauthenticated

wp_ajax

wp_ajax_cn_dismiss_welcomeauthenticated

wp_ajax

wp_ajax_cn_get_api_environmentauthenticated

wp_ajax

wp_ajax_cn_get_cookie_consent_logsauthenticated

wp_ajax

wp_ajax_cn_get_privacy_consent_logsauthenticated

wp_ajax

wp_ajax_cn_privacy_consent_display_tableauthenticated

wp_ajax

wp_ajax_cn_privacy_consent_form_statusauthenticated

wp_ajax

wp_ajax_cn_privacy_consent_get_formsauthenticated

wp_ajax

wp_ajax_cn_purge_cacheauthenticated

wp_ajax

20 more hidden

Score History

2 score snapshots

+0
1007550250Jun 19, 2026, 09:48 PM UTC Score 31/100 Plugin v3.1.1 Plugin Check 2.0.0 154 errors, 336 warningsJun 24, 2026, 09:53 AM UTC Score 31/100 Plugin v3.1.2 Plugin Check 2.0.0 153 errors, 335 warningsJun 19, 2026Jun 24, 2026

v3.1.2

31

Latest

Findings
488
Errors
153
Warnings
335
Check
2.0.0

v3.1.1

31

Score

Findings
490
Errors
154
Warnings
336
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

37 nodes

Related Plugins

Disable Emojis (GDPR friendly)

60k+ active installs

100
EU Withdrawal Compliance

900 active installs

100
Show Me The Cookies

500 active installs

100
WF Cookie Consent

10k+ active installs

100