PluginScore

RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login

Create user registration forms, build advanced registration forms, accept payments, track submissions, manage users, assign user roles, analyze stats …

v6.0.9.3MetagaussUpdated Added 8k+ installs90% rating100% support resolved
User Registrationevent registrationpayment formregistrationregistration form
22
Score
3,654
Errors
5,061
Warnings
+0
Change

Category Scores

Security0
Repo80
Performance98
Maintainability0

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

8,715 findings

Security

4,179

11 issue groups

Maintainability

3,615

11 issue groups

I18n

486

3 issue groups

WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$RM_EX_LMSupport".1,692
Category
Maintainability
Occurrences
1,692
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$RM_EX_LMSupport".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound
ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '" > $price_drop </span>"'.1,309
Category
Security
Occurrences
1,309
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '" > $price_drop </span>"'.

WordPress.Security.EscapeOutput.OutputNotEscapedReference
ERRORSecurityUnsafe printing functionAll output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.1,086
Category
Security
Occurrences
1,086
Severity
error

Sample message

All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.

WordPress.Security.EscapeOutput.UnsafePrintingFunctionReference
WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.503
Category
Maintainability
Occurrences
503
Severity
warning

Sample message

Use of a direct database call is discouraged.

WordPress.DB.DirectDatabaseQuery.DirectQuery
WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().490
Category
Maintainability
Occurrences
490
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

WordPress.DB.DirectDatabaseQuery.NoCaching
ERRORI18nMissing Translators CommentA function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.337
Category
I18n
Occurrences
337
Severity
error

Sample message

A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

WordPress.WP.I18n.MissingTranslatorsCommentReference
WARNINGSecurityInterpolated SQL is not preparedUse placeholders and $wpdb-&gt;prepare(); found interpolated variable $column at &quot;SELECT $column FROM `$table_name` WHERE `$foreign_key` = %d AND `is_pending` = 0 ORDER BY `$sort_by` DESC LIMIT $limit OFFSET $offset&quot;319
Category
Security
Occurrences
319
Severity
warning

Sample message

Use placeholders and $wpdb-&gt;prepare(); found interpolated variable $column at &quot;SELECT $column FROM `$table_name` WHERE `$foreign_key` = %d AND `is_pending` = 0 ORDER BY `$sort_by` DESC LIMIT $limit OFFSET $offset&quot;

WordPress.DB.PreparedSQL.InterpolatedNotPrepared
WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.266
Category
Security
Occurrences
266
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Recommended
WARNINGSecurityRequest data is not unslashed$_COOKIE[&#039;consumerKey&#039;] not unslashed before sanitization. Use wp_unslash() or similar248
Category
Security
Occurrences
248
Severity
warning

Sample message

$_COOKIE[&#039;consumerKey&#039;] not unslashed before sanitization. Use wp_unslash() or similar

WordPress.Security.ValidatedSanitizedInput.MissingUnslash
WARNINGSecurityDatabase parameter is not escapedUnescaped parameter $crf_fields used in $wpdb-&gt;get_row()\n$crf_fields assigned unsafely at line 1909.208
Category
Security
Occurrences
208
Severity
warning

Sample message

Unescaped parameter $crf_fields used in $wpdb-&gt;get_row()\n$crf_fields assigned unsafely at line 1909.

PluginCheck.Security.DirectDB.UnescapedDBParameter
Show 15 more
WARNINGMaintainabilityNon-prefixed class179
Category
Maintainability
Occurrences
179
Severity
warning

Sample message

Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: &quot;AWeberAPI&quot;.

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedClassFound
WARNINGSecurityInput is not validated173
Category
Security
Occurrences
173
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_COOKIE[&#039;requestTokenSecret&#039;]. Check that the array index exists before using it.

WordPress.Security.ValidatedSanitizedInput.InputNotValidated
WARNINGMaintainabilityMissing Version170
Category
Maintainability
Occurrences
170
Severity
warning

Sample message

Resource version not set in call to wp_enqueue_script(). This means new versions of the script may not always be loaded due to browser caching.

WordPress.WP.EnqueuedResourceParameters.MissingVersion
ERRORMaintainabilitydate date167
Category
Maintainability
Occurrences
167
Severity
error

Sample message

date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.

WordPress.DateTime.RestrictedFunctions.date_date
ERRORSecuritySQL query is not prepared155
Category
Security
Occurrences
155
Severity
error

Sample message

Use placeholders and $wpdb->prepare(); found $Query

WordPress.DB.PreparedSQL.NotPrepared
WARNINGMaintainabilityNon-prefixed hook name151
Category
Maintainability
Occurrences
151
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: &quot;&#039;rm_field_product_billing_&#039;.$price_field-&gt;field_id&quot;.

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound
WARNINGSecurityMissing nonce verification145
Category
Security
Occurrences
145
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Missing
ERRORSecurityDatabase parameter is not escaped141
Category
Security
Occurrences
141
Severity
error

Sample message

Unescaped parameter $Query used in $wpdb->get_results()\n$Query assigned unsafely at line 799.

PluginCheck.Security.DirectDB.UnescapedDBParameter
WARNINGSecurityInput is not sanitized129
Category
Security
Occurrences
129
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_COOKIE[&#039;consumerKey&#039;]

WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
ERRORI18nMissing Arg Domain92
Category
I18n
Occurrences
92
Severity
error

Sample message

Missing $domain parameter in function call to __().

WordPress.WP.I18n.MissingArgDomainReference
WARNINGMaintainabilityNot In Footer91
Category
Maintainability
Occurrences
91
Severity
warning

Sample message

In footer ($in_footer) is not set explicitly wp_enqueue_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header.

WordPress.WP.EnqueuedResourceParameters.NotInFooter
WARNINGMaintainabilitySchema Change69
Category
Maintainability
Occurrences
69
Severity
warning

Sample message

Attempting a database schema change is discouraged.

WordPress.DB.DirectDatabaseQuery.SchemaChange
WARNINGMaintainabilityNon-prefixed constant59
Category
Maintainability
Occurrences
59
Severity
warning

Sample message

Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: &quot;DONOTCACHEPAGE&quot;.

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedConstantFound
ERRORI18nNon Singular String Literal Text57
Category
I18n
Occurrences
57
Severity
error

Sample message

The $text parameter must be a single text string literal. Found: "Content of the email to be sent to admin on new submission. You can use rich text and values the user submitted in the form for a more personalized message. <a target='_blank' class='rm-more' href='%s'>More</a>"\r\n . "<br><br><br><span class='submission-upgrade-title'><i class='material-icons'></i><strong>User History</strong></span><br>Want to know what the user wrote to you earlier with contact form submission? Wish to have purchase history of your WooCommerce customer attached to a new support request? Need to see purchased downloads of Easy Digital Downloads buyer with form data? Time to add some intelligence to your submission notifications. Introducing, message shortcodes which dynamically fetch user information from their history on your site and provide you with deeper user insights attached to the submitted content."

WordPress.WP.I18n.NonSingularStringLiteralTextReference
WARNINGMaintainabilityupgrade notice limit44
Category
Maintainability
Occurrences
44
Severity
warning

Sample message

The upgrade notice for "1.5" exceeds the limit of 300 characters.

upgrade_notice_limit

External Connections

Not analyzed yet.

Score History

2 score snapshots

+0
1007550250Jun 20, 2026, 11:40 PM UTC Score 22/100 Plugin v6.0.9.2 Plugin Check 2.0.0 3,654 errors, 5,062 warningsJun 22, 2026, 12:10 PM UTC Score 22/100 Plugin v6.0.9.3 Plugin Check 2.0.0 3,654 errors, 5,061 warningsJun 20, 2026Jun 22, 2026

v6.0.9.3

22

Latest

Findings
8,715
Errors
3,654
Warnings
5,061
Check
2.0.0

v6.0.9.2

22

Score

Findings
8,716
Errors
3,654
Warnings
5,062
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

29 nodes

Related

Yoast SEO – Advanced SEO with real-time guidance and built-in AI24 scoreWooCommerce21 scoreAkismet Anti-spam: Spam Protection35 scoreContact Form 769 scoreElementor Website Builder – more than just a page builder35 scoreClassic Editor63 scoreLiteSpeed Cache35 scoreAll-in-One WP Migration and Backup34 scoreSite Kit by Google – Analytics, Search Console, AdSense, Speed25 scoreForminator Forms – Contact Form, Payment Form & Custom Form Builder24 scoreSureForms – Drag & Drop Contact Form & Form Builder, Payment Form, Survey, Quiz & Calculator29 scoreFormidable Forms – WordPress Form Builder for Contact Forms, Calculators, Quizzes & More21 scoreUltimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin24 scorePaid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress24 score

Related Plugins

Users Registration Date

2k+ active installs

98
Clean Login

6k+ active installs

97
Disable WP Registration Page

2k+ active installs

89
Tickera – Sell Tickets & Manage Events

2k+ active installs

87
Ticket Tailor — Event Ticketing & Registration

4k+ active installs

86
FormGent – Next-Gen AI Form Builder for WordPress with Multi-Step, Quizzes, Payments & More

1k+ active installs

85