A WordPress plugin to create block themes.
Category Scores
Issues to Review
Prioritized issue groups from the latest Plugin Check scan
Maintainability
38
12 issue groups
Security
7
2 issue groups
Repo Compliance
2
2 issue groups
Supply Chain
1
1 issue group
ERRORMaintainabilityunlink unlinkunlink() is discouraged. Use wp_delete_file() to delete a file.11
- Category
- Maintainability
- Occurrences
- 11
- Severity
- error
Sample message
unlink() is discouraged. Use wp_delete_file() to delete a file.
ERRORMaintainabilitymissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;8
- Category
- Maintainability
- Occurrences
- 8
- Severity
- error
Sample message
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
ERRORSecurityUnsafe Printing FunctionAll output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.5
- Category
- Security
- Occurrences
- 5
- Severity
- error
Sample message
All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.
ERRORMaintainabilityparse url parse urlparse_url() is discouraged because of inconsistency in the output across PHP versions; use wp_parse_url() instead.3
- Category
- Maintainability
- Occurrences
- 3
- Severity
- error
Sample message
parse_url() is discouraged because of inconsistency in the output across PHP versions; use wp_parse_url() instead.
ERRORMaintainabilityNot AllowedUse of heredoc syntax (<<<) is not allowed; use standard strings or inline HTML instead2
- Category
- Maintainability
- Occurrences
- 2
- Severity
- error
Sample message
Use of heredoc syntax (<<<) is not allowed; use standard strings or inline HTML instead
ERRORSecurityOutput Not EscapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '__'.2
- Category
- Security
- Occurrences
- 2
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '__'.
ERRORMaintainabilityfile system operations fcloseFile operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().2
- Category
- Maintainability
- Occurrences
- 2
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().
ERRORMaintainabilityfile system operations fopenFile operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen().2
- Category
- Maintainability
- Occurrences
- 2
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen().
ERRORMaintainabilityfile system operations freadFile operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fread().2
- Category
- Maintainability
- Occurrences
- 2
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fread().
ERRORMaintainabilityrename renamerename() is discouraged. Use WP_Filesystem::move() to rename a file.2
- Category
- Maintainability
- Occurrences
- 2
- Severity
- error
Sample message
rename() is discouraged. Use WP_Filesystem::move() to rename a file.
Show 7 more issue groups
WARNINGMaintainabilityNot In Footer2
- Category
- Maintainability
- Occurrences
- 2
- Severity
- warning
Sample message
In footer ($in_footer) is not set explicitly wp_enqueue_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header.
WARNINGMaintainabilityunexpected markdown file2
- Category
- Maintainability
- Occurrences
- 2
- Severity
- warning
Sample message
Unexpected markdown file "AGENTS.md" detected in plugin root. Only specific markdown files are expected in production plugins.
ERRORMaintainabilityPlugin Directory Write1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- error
Sample message
Plugin folders are deleted when upgraded. Do not save data to the plugin folder using copy(). Detected usage of function plugin_dir_path(). Use wp_upload_dir() to get the uploads directory path or save to the database instead.
ERRORMaintainabilityfile system operations readfile1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: readfile().
ERRORSupply Chainhidden files1
- Category
- Supply Chain
- Occurrences
- 1
- Severity
- error
Sample message
Hidden files are not permitted.
ERRORRepo Complianceoutdated tested upto header1
- Category
- Repo Compliance
- Occurrences
- 1
- Severity
- error
Sample message
Tested up to: 6.9 < 7.0. The "Tested up to" value in your plugin is not set to the current version of WordPress. This means your plugin will not show up in searches, as we require plugins to be compatible and documented as tested up to the most recent version of WordPress.
WARNINGRepo Compliancereadme reserved contributors1
- Category
- Repo Compliance
- Occurrences
- 1
- Severity
- warning
Sample message
The "Contributors" header in the readme file contains reserved username(s). Found: "wordpressdotorg"
Score History
First score snapshot
Scan records1
v2.10.0
35
Latest
- Findings
- 48
- Errors
- 43
- Warnings
- 5
- Plugin Check
- 2.0.0
- Model
- 2026.06-mvp-static-v2
| Scan | Score | Findings | Errors | Warnings | Plugin | Plugin Check | Model |
|---|---|---|---|---|---|---|---|
| Latest | 35 | 48 | 43 | 5 | v2.10.0 | 2.0.0 | 2026.06-mvp-static-v2 |
Related Plugins
7k+ active installs
9k+ active installs
10k+ active installs
20k+ active installs
30k+ active installs
8k+ active installs