Custom CSS

Add custom CSS, JS, PHP, tracking code. Very easy to use!

v1.4.0FRESHFACEUpdated Added 1k+ installs50% rating
24
Score
703
Errors
657
Warnings
+0
Change

Category Scores

Security0
Repo94
Performance100
Maintainability0

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

1,360 findings

Security

654

7 issue groups

Maintainability

616

16 issue groups

I18n

28

2 issue groups

ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"/* INPUT NOT FOUND scss $v */\n"'.461
Category
Security
Occurrences
461
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"/* INPUT NOT FOUND scss $v */\n"'.

WARNINGMaintainabilityNon-prefixed classClasses declared by a theme/plugin should start with the theme/plugin prefix. Found: "CSSmin".317
Category
Maintainability
Occurrences
317
Severity
warning

Sample message

Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "CSSmin".

WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$_file_for_all_css".115
Category
Maintainability
Occurrences
115
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$_file_for_all_css".

ERRORSecurityException output is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"$msg: $loc"'.86
Category
Security
Occurrences
86
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"$msg: $loc"'.

WARNINGMaintainabilityNon-prefixed constantGlobal constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "DECLARED_FORM".71
Category
Maintainability
Occurrences
71
Severity
warning

Sample message

Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "DECLARED_FORM".

WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_COOKIE[$name]32
Category
Security
Occurrences
32
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_COOKIE[$name]

ERRORMaintainabilitycurl curl setoptUsing cURL functions is highly discouraged. Use wp_remote_get() instead.32
Category
Maintainability
Occurrences
32
Severity
error

Sample message

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

WARNINGSecurityRequest data is not unslashed$_COOKIE[$name] not unslashed before sanitization. Use wp_unslash() or similar31
Category
Security
Occurrences
31
Severity
warning

Sample message

$_COOKIE[$name] not unslashed before sanitization. Use wp_unslash() or similar

ERRORI18nText Domain MismatchMismatched text domain. Expected 'custom-css-editor' but got '__freshface'.22
Category
I18n
Occurrences
22
Severity
error

Sample message

Mismatched text domain. Expected 'custom-css-editor' but got '__freshface'.

WARNINGSecurityMissing nonce verificationProcessing form data without nonce verification.16
Category
Security
Occurrences
16
Severity
warning

Sample message

Processing form data without nonce verification.

Show 15 more
WARNINGSecurityInput is not validated16
Category
Security
Occurrences
16
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_POST[$optionsName][$optionsName]. Check that the array index exists before using it.

WARNINGSecurityNonce verification recommended12
Category
Security
Occurrences
12
Severity
warning

Sample message

Processing form data without nonce verification.

ERRORMaintainabilityMissing direct file access protection12
Category
Maintainability
Occurrences
12
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

ERRORMaintainabilitydate date9
Category
Maintainability
Occurrences
9
Severity
error

Sample message

date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.

ERRORMaintainabilityPlugin Directory Write7
Category
Maintainability
Occurrences
7
Severity
error

Sample message

Plugin folders are deleted when upgraded. Do not save data to the plugin folder using copy(). Detected usage of __FILE__ or __DIR__ magic constant. Use wp_upload_dir() to get the uploads directory path or save to the database instead.

WARNINGMaintainabilityNon-prefixed hook name7
Category
Maintainability
Occurrences
7
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "ff_framework_initalized".

WARNINGMaintainabilityerror log var dump7
Category
Maintainability
Occurrences
7
Severity
warning

Sample message

var_dump() found. Debug code should not normally be used in production.

WARNINGMaintainabilityDiscouraged PHP function6
Category
Maintainability
Occurrences
6
Severity
warning

Sample message

The use of function ini_set() is discouraged

ERRORMaintainabilitycurl curl exec6
Category
Maintainability
Occurrences
6
Severity
error

Sample message

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

ERRORMaintainabilitycurl curl init6
Category
Maintainability
Occurrences
6
Severity
error

Sample message

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

ERRORMaintainabilityfile system operations fputs6
Category
Maintainability
Occurrences
6
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fputs().

ERRORI18nMissing Translators Comment6
Category
I18n
Occurrences
6
Severity
error

Sample message

A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

WARNINGMaintainabilityNon-prefixed interface5
Category
Maintainability
Occurrences
5
Severity
warning

Sample message

Interfaces declared by a theme/plugin should start with the theme/plugin prefix. Found: "ffIAdminScreen".

ERRORMaintainabilityfile system operations mkdir5
Category
Maintainability
Occurrences
5
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: mkdir().

ERRORMaintainabilitybadly named files5
Category
Maintainability
Occurrences
5
Severity
error

Sample message

File and folder names must not contain spaces or special characters.

External Connections

Potential connections found in static code analysis.

100 domains

Outbound calls

252

External assets

4

Incoming endpoints

3

Notable Domains

twitter.com15 · outbound
scripts.sil.org11 · outbound
api.envato.com7 · outbound
freshface.net7 · outbound
api.twitter.com6 · outbound
idangero.us6 · outbound

Platform / Reference Domains

github.com37 · platform/reference
w3.org16 · platform/reference
opensource.org7 · platform/reference
codex.wordpress.org5 · platform/reference
gnu.org2 · platform/reference

External Asset Domains

Incoming Endpoints

wp_ajax_nopriv_ff_ajaxpublic

wp_ajax

Admin AJAX endpoints2
wp_ajax_ff_ajaxauthenticated

wp_ajax

wp_ajax_ff_ajax_adminauthenticated

wp_ajax

Score History

First score snapshot

v1.4.0

24

Latest

Findings
1,360
Errors
703
Warnings
657
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

35 nodes

Related Plugins