PluginScore

CIO Custom Fields Importer

Simple, easy, fast and flexible, this add-on to WP All Import processes large data sets from any XML or CSV files to any contents.

v1.0.3VisualDataUpdated Added 500 installs100% rating
WooCommerce customer importcomments importhigh performancetaxonomy importuser import
49
Score
23
Errors
8
Warnings
+0
Change

Category Scores

Security13
Repo91
Performance100
Maintainability90

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

31 findings

Security

16

5 issue groups

Maintainability

7

4 issue groups

I18n

6

3 issue groups

Repo Compliance

2

2 issue groups

ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$field_params['name']'.6
Category
Security
Occurrences
6
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$field_params['name']'.

WordPress.Security.EscapeOutput.OutputNotEscapedReference
ERRORSecuritySQL query is not preparedUse placeholders and $wpdb->prepare(); found $my_pod4
Category
Security
Occurrences
4
Severity
error

Sample message

Use placeholders and $wpdb->prepare(); found $my_pod

WordPress.DB.PreparedSQL.NotPrepared
WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.3
Category
Security
Occurrences
3
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Recommended
ERRORI18nNon Singular String Literal TextThe $text parameter must be a single text string literal. Found: $field_params['name']3
Category
I18n
Occurrences
3
Severity
error

Sample message

The $text parameter must be a single text string literal. Found: $field_params['name']

WordPress.WP.I18n.NonSingularStringLiteralTextReference
WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

Use of a direct database call is discouraged.

WordPress.DB.DirectDatabaseQuery.DirectQuery
WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

WordPress.DB.DirectDatabaseQuery.NoCaching
ERRORSecurityUnsafe printing functionAll output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.2
Category
Security
Occurrences
2
Severity
error

Sample message

All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.

WordPress.Security.EscapeOutput.UnsafePrintingFunctionReference
ERRORI18nText Domain MismatchMismatched text domain. Expected 'custom-fields-csv-xml-importer' but got 'pmxi_plugin'.2
Category
I18n
Occurrences
2
Severity
error

Sample message

Mismatched text domain. Expected 'custom-fields-csv-xml-importer' but got 'pmxi_plugin'.

WordPress.WP.I18n.TextDomainMismatchReference
ERRORMaintainabilityMissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

missing_direct_file_access_protectionReference
ERRORSecurityDatabase parameter is not escapedUnescaped parameter $my_pod->ID used in $wpdb->get_results()\n$my_pod->ID used without escaping.1
Category
Security
Occurrences
1
Severity
error

Sample message

Unescaped parameter $my_pod->ID used in $wpdb->get_results()\n$my_pod->ID used without escaping.

PluginCheck.Security.DirectDB.UnescapedDBParameter
Show 4 more
ERRORMaintainabilityunlink unlink1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

unlink() is discouraged. Use wp_delete_file() to delete a file.

WordPress.WP.AlternativeFunctions.unlink_unlink
ERRORI18nNon Singular String Literal Domain1
Category
I18n
Occurrences
1
Severity
error

Sample message

The $domain parameter must be a single text string literal. Found: 'rapid_addon_'.$this->slug

WordPress.WP.I18n.NonSingularStringLiteralDomainReference
ERRORRepo Complianceoutdated tested upto header1
Category
Repo Compliance
Occurrences
1
Severity
error

Sample message

Tested up to: 4.9 < 7.0. The "Tested up to" value in your plugin is not set to the current version of WordPress. This means your plugin will not show up in searches, as we require plugins to be compatible and documented as tested up to the most recent version of WordPress.

outdated_tested_upto_headerReference
WARNINGRepo Compliancereadme parser warnings too many tags1
Category
Repo Compliance
Occurrences
1
Severity
warning

Sample message

One or more tags were ignored. Please limit your plugin to 5 tags.

readme_parser_warnings_too_many_tags

External Connections

Potential connections found in static code analysis.

4 domains

Outbound calls

10

External assets

0

Incoming endpoints

0

Notable Domains

vipp.com.au4 · outbound
wpallimport.com2 · outbound
raw.githubusercontent.com1 · outbound

Platform / Reference Domains

wordpress.org3 · platform/reference

External Asset Domains

No external asset domains detected.

Incoming Endpoints

No public endpoints detected.

Score History

First score snapshot

v1.0.3

49

Latest

Findings
31
Errors
23
Warnings
8
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

27 nodes

Related Plugins

Comments Import & Export

2k+ active installs

85