Adds a custom scrollbar to specified HTML elements.
Category Scores
Issues to Review
Prioritized issue groups from the latest Plugin Check scan
Security
229
7 issue groups
Maintainability
104
13 issue groups
I18n
25
5 issue groups
ERRORSecurityOutput Not EscapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"<!--[if IE]><style type='text/css' id='internal-style-ie-{$_sID}' class='custom-scrollbar-form-ie-style'>"'.83
- Category
- Security
- Occurrences
- 83
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"<!--[if IE]><style type='text/css' id='internal-style-ie-{$_sID}' class='custom-scrollbar-form-ie-style'>"'.
ERRORMaintainabilityNot AllowedUse of heredoc syntax (<<<) is not allowed; use standard strings or inline HTML instead41
- Category
- Maintainability
- Occurrences
- 41
- Severity
- error
Sample message
Use of heredoc syntax (<<<) is not allowed; use standard strings or inline HTML instead
WARNINGSecurityRecommendedProcessing form data without nonce verification.41
- Category
- Security
- Occurrences
- 41
- Severity
- warning
Sample message
Processing form data without nonce verification.
WARNINGSecurityInput Not SanitizedDetected usage of a non-sanitized input variable: $_FILES['__import']29
- Category
- Security
- Occurrences
- 29
- Severity
- warning
Sample message
Detected usage of a non-sanitized input variable: $_FILES['__import']
WARNINGSecurityMissing Unslash$_GET['button_label'] not unslashed before sanitization. Use wp_unslash() or similar29
- Category
- Security
- Occurrences
- 29
- Severity
- warning
Sample message
$_GET['button_label'] not unslashed before sanitization. Use wp_unslash() or similar
WARNINGSecurityMissingProcessing form data without nonce verification.25
- Category
- Security
- Occurrences
- 25
- Severity
- warning
Sample message
Processing form data without nonce verification.
WARNINGSecurityInput Not ValidatedDetected usage of a possibly undefined superglobal array index: $_FILES['__import']. Check that the array index exists before using it.20
- Category
- Security
- Occurrences
- 20
- Severity
- warning
Sample message
Detected usage of a possibly undefined superglobal array index: $_FILES['__import']. Check that the array index exists before using it.
WARNINGMaintainabilityNon Prefixed Variable FoundGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$_aClassFiles".14
- Category
- Maintainability
- Occurrences
- 14
- Severity
- warning
Sample message
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$_aClassFiles".
ERRORI18nMissing Translators CommentA function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.11
- Category
- I18n
- Occurrences
- 11
- Severity
- error
Sample message
A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.
WARNINGMaintainabilityNon Prefixed Hookname FoundHook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "add_meta_boxes_{$_sCurrentScreenID}".8
- Category
- Maintainability
- Occurrences
- 8
- Severity
- warning
Sample message
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "add_meta_boxes_{$_sCurrentScreenID}".
Show 15 moreShow less
ERRORMaintainabilitywp function not compatible with requires wp8
- Category
- Maintainability
- Occurrences
- 8
- Severity
- error
Sample message
Function "get_current_network_id()" requires WordPress 4.6.0, but your plugin minimum supported version is WordPress 3.4.0.
ERRORI18nMissing Arg Domain6
- Category
- I18n
- Occurrences
- 6
- Severity
- error
Sample message
Missing $domain parameter in function call to __().
WARNINGMaintainabilityerror log print r5
- Category
- Maintainability
- Occurrences
- 5
- Severity
- warning
Sample message
print_r() found. Debug code should not normally be used in production.
WARNINGMaintainabilityerror log trigger error5
- Category
- Maintainability
- Occurrences
- 5
- Severity
- warning
Sample message
trigger_error() found. Debug code should not normally be used in production.
ERRORMaintainabilityNo Explicit Version5
- Category
- Maintainability
- Occurrences
- 5
- Severity
- error
Sample message
Version parameter is not explicitly set or has been set to an equivalent of "false" for wp_enqueue_script; This means that the WordPress core version will be used which is not recommended for plugin or theme development.
ERRORMaintainabilitymissing direct file access protection5
- Category
- Maintainability
- Occurrences
- 5
- Severity
- error
Sample message
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
ERRORMaintainabilitydate date4
- Category
- Maintainability
- Occurrences
- 4
- Severity
- error
Sample message
date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.
WARNINGMaintainabilityDynamic Hookname Found4
- Category
- Maintainability
- Occurrences
- 4
- Severity
- warning
Sample message
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "get_class($this) . '-' . $_GET['page']".
ERRORI18nNon Singular String Literal Domain3
- Category
- I18n
- Occurrences
- 3
- Severity
- error
Sample message
The $domain parameter must be a single text string literal. Found: $this->_sTextDomain
ERRORI18nText Domain Mismatch3
- Category
- I18n
- Occurrences
- 3
- Severity
- error
Sample message
Mismatched text domain. Expected 'custom-scrollbar' but got 'admin-page-framework'.
ERRORMaintainabilitymysql mysql get server info2
- Category
- Maintainability
- Occurrences
- 2
- Severity
- error
Sample message
Accessing the database directly should be avoided. Please use the $wpdb object and associated functions instead. Found: mysql_get_server_info.
ERRORMaintainabilitymysql mysqli get server info2
- Category
- Maintainability
- Occurrences
- 2
- Severity
- error
Sample message
Accessing the database directly should be avoided. Please use the $wpdb object and associated functions instead. Found: mysqli_get_server_info.
ERRORSecurityException Not Escaped2
- Category
- Security
- Occurrences
- 2
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$this'.
ERRORI18nNon Singular String Literal Text2
- Category
- I18n
- Occurrences
- 2
- Severity
- error
Sample message
The $text parameter must be a single text string literal. Found: $this->aMessages[$sKey]
ERRORMaintainabilityFound1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- error
Sample message
The use of function _cleanup_header_comment() is forbidden
Score History
First score snapshot
v1.3.8
27
Latest
- Findings
- 375
- Errors
- 184
- Warnings
- 191
- Check
- 2.0.0
| Scan | Score | Findings | Errors | Warnings | Plugin | Check |
|---|---|---|---|---|---|---|
| Latest | 27 | 375 | 184 | 191 | v1.3.8 | 2.0.0 |
Related Plugins
8k+ active installs
2k+ active installs
2k+ active installs
3k+ active installs
4k+ active installs
10k+ active installs