CookieFox – Cookie Notice

CookieFox is a performant and accessible cookie notice and consent solution for WordPress.

v2.0.11Fabian PimmingerUpdated Added 400 installs100% rating
48
Score
14
Errors
19
Warnings
+0
Change

Category Scores

Security11
Repo86
Performance100
Maintainability93

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

33 findings

Security

22

6 issue groups

Maintainability

6

5 issue groups

Repo Compliance

3

3 issue groups

I18n

2

2 issue groups

ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$args['checked']'.8
Category
Security
Occurrences
8
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$args['checked']'.

WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.6
Category
Security
Occurrences
6
Severity
warning

Sample message

Processing form data without nonce verification.

ERRORSecurityUnsafe printing functionAll output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.3
Category
Security
Occurrences
3
Severity
error

Sample message

All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.

WARNINGMaintainabilityslow db query meta keyDetected usage of meta_key, possible slow query.2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

Detected usage of meta_key, possible slow query.

WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_GET['_wpnonce']2
Category
Security
Occurrences
2
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_GET['_wpnonce']

WARNINGSecurityRequest data is not unslashed$_GET['_wpnonce'] not unslashed before sanitization. Use wp_unslash() or similar2
Category
Security
Occurrences
2
Severity
warning

Sample message

$_GET['_wpnonce'] not unslashed before sanitization. Use wp_unslash() or similar

WARNINGI18nDiscouraged text-domain loadingload_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed.1
Category
I18n
Occurrences
1
Severity
warning

Sample message

load_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed.

WARNINGMaintainabilityslow db query tax queryDetected usage of tax_query, possible slow query.1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Detected usage of tax_query, possible slow query.

WARNINGMaintainabilityNon-prefixed hook nameHook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "wpml_current_language".1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "wpml_current_language".

WARNINGSecuritywp redirect wp redirectwp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.1
Category
Security
Occurrences
1
Severity
warning

Sample message

wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.

Show 6 more
ERRORI18nText Domain Mismatch1
Category
I18n
Occurrences
1
Severity
error

Sample message

Mismatched text domain. Expected 'cookiefox' but got 'cmb2'.

WARNINGMaintainabilitymismatched plugin name1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Plugin name "CookieFox - Cookie Notice" is different from the name declared in plugin header "CookieFox".

ERRORRepo Compliancemismatched tested up to header1
Category
Repo Compliance
Occurrences
1
Severity
error

Sample message

Mismatched "Tested up to": 6.4.3 != 6.8.1. The "Tested up to" value in the readme file must match the "Tested up to" value in the plugin header. If the plugin header has a "Tested up to" value, it will override the readme value, which can cause confusion.

WARNINGMaintainabilitymissing composer json file1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

The "/vendor" directory using composer exists, but "composer.json" file is missing.

ERRORRepo Complianceoutdated tested upto header1
Category
Repo Compliance
Occurrences
1
Severity
error

Sample message

Tested up to: 6.4 < 7.0. The "Tested up to" value in your plugin is not set to the current version of WordPress. This means your plugin will not show up in searches, as we require plugins to be compatible and documented as tested up to the most recent version of WordPress.

WARNINGRepo Compliancereadme parser warnings too many tags1
Category
Repo Compliance
Occurrences
1
Severity
warning

Sample message

One or more tags were ignored. Please limit your plugin to 5 tags.

External Connections

Potential connections found in static code analysis.

19 domains

Outbound calls

116

External assets

0

Incoming endpoints

3

Notable Domains

cmb2.io60 · outbound
docs.jquery.com4 · outbound
jquery.org4 · outbound
jqueryui.com4 · outbound
v2.wp-api.org3 · outbound
php-fig.org2 · outbound

Platform / Reference Domains

github.com19 · platform/reference
wordpress.org6 · platform/reference
core.trac.wordpress.org2 · platform/reference
opensource.org2 · platform/reference

External Asset Domains

No external asset domains detected.

Incoming Endpoints

/wp-json/cookiefox/v1/cookiesREST

register_rest_route

wp_ajax_nopriv_cmb2_oembed_handlerpublic

wp_ajax

Admin AJAX endpoints1
wp_ajax_cmb2_oembed_handlerauthenticated

wp_ajax

Score History

First score snapshot

v2.0.11

48

Latest

Findings
33
Errors
14
Warnings
19
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

37 nodes

Related Plugins