WP Customer Area is a modular all-in-one solution to manage private content with WordPress.
Category Scores
Issues to Review
Prioritized issue groups from the latest Plugin Check scan
I18n
2,133
6 issue groups
Security
1,237
8 issue groups
Maintainability
827
11 issue groups
ERRORI18nText Domain MismatchMismatched text domain. Expected 'customer-area' but got "cuar".1,905
- Category
- I18n
- Occurrences
- 1,905
- Severity
- error
Sample message
Mismatched text domain. Expected 'customer-area' but got "cuar".
ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '" ## IN PATH : $path \n"'.643
- Category
- Security
- Occurrences
- 643
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '" ## IN PATH : $path \n"'.
WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$a".448
- Category
- Maintainability
- Occurrences
- 448
- Severity
- warning
Sample message
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$a".
ERRORMaintainabilityMissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;244
- Category
- Maintainability
- Occurrences
- 244
- Severity
- error
Sample message
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
ERRORSecurityUnsafe printing functionAll output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.232
- Category
- Security
- Occurrences
- 232
- Severity
- error
Sample message
All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.
ERRORI18nMissing Translators CommentA function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.152
- Category
- I18n
- Occurrences
- 152
- Severity
- error
Sample message
A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.
WARNINGSecurityRequest data is not unslashed$_GET[$name] not unslashed before sanitization. Use wp_unslash() or similar95
- Category
- Security
- Occurrences
- 95
- Severity
- warning
Sample message
$_GET[$name] not unslashed before sanitization. Use wp_unslash() or similar
WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.89
- Category
- Security
- Occurrences
- 89
- Severity
- warning
Sample message
Processing form data without nonce verification.
WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_FILES['cuar-settings-file']['tmp_name']75
- Category
- Security
- Occurrences
- 75
- Severity
- warning
Sample message
Detected usage of a non-sanitized input variable: $_FILES['cuar-settings-file']['tmp_name']
WARNINGSecurityMissing nonce verificationProcessing form data without nonce verification.71
- Category
- Security
- Occurrences
- 71
- Severity
- warning
Sample message
Processing form data without nonce verification.
Show 15 moreShow less
WARNINGMaintainabilityNot In Footer38
- Category
- Maintainability
- Occurrences
- 38
- Severity
- warning
Sample message
In footer ($in_footer) is not set explicitly wp_enqueue_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header.
ERRORI18nNon Singular String Literal Domain31
- Category
- I18n
- Occurrences
- 31
- Severity
- error
Sample message
The $domain parameter must be a single text string literal. Found: $this->text_domain
ERRORI18nNon Singular String Literal Text27
- Category
- I18n
- Occurrences
- 27
- Severity
- error
Sample message
The $text parameter must be a single text string literal. Found: "You can also get notified when we've got something exciting to say (plugin updates, news, etc.). Simply "\n . "subscribe to our newsletter, we won't spam, we send at most one email per month!"
WARNINGMaintainabilityerror log error log23
- Category
- Maintainability
- Occurrences
- 23
- Severity
- warning
Sample message
error_log() found. Debug code should not normally be used in production.
WARNINGMaintainabilityslow db query meta query22
- Category
- Maintainability
- Occurrences
- 22
- Severity
- warning
Sample message
Detected usage of meta_query, possible slow query.
WARNINGSecuritywp redirect wp redirect17
- Category
- Security
- Occurrences
- 17
- Severity
- warning
Sample message
wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.
WARNINGMaintainabilityNon-prefixed hook name15
- Category
- Maintainability
- Occurrences
- 15
- Severity
- warning
Sample message
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "automatic_updater_disabled".
WARNINGSecurityInput is not validated15
- Category
- Security
- Occurrences
- 15
- Severity
- warning
Sample message
Detected usage of a possibly undefined superglobal array index: $_FILES['cuar-settings-file']['tmp_name']. Check that the array index exists before using it.
ERRORI18nUnordered Placeholders Text13
- Category
- I18n
- Occurrences
- 13
- Severity
- error
Sample message
Multiple placeholders in translatable strings should be ordered. Expected "%1$1s, %2$2s", but got "%1s, %2s" in '%1sList of sites you can embed from%2s'.
ERRORMaintainabilityunlink unlink11
- Category
- Maintainability
- Occurrences
- 11
- Severity
- error
Sample message
unlink() is discouraged. Use wp_delete_file() to delete a file.
WARNINGMaintainabilityslow db query tax query8
- Category
- Maintainability
- Occurrences
- 8
- Severity
- warning
Sample message
Detected usage of tax_query, possible slow query.
ERRORMaintainabilityfile system operations mkdir7
- Category
- Maintainability
- Occurrences
- 7
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: mkdir().
ERRORMaintainabilitystrip tags strip tags6
- Category
- Maintainability
- Occurrences
- 6
- Severity
- error
Sample message
strip_tags() is discouraged. Use the more comprehensive wp_strip_all_tags() instead.
ERRORMaintainabilityDeprecated parameter: get_terms parameter 25
- Category
- Maintainability
- Occurrences
- 5
- Severity
- error
Sample message
The parameter "$get_terms_options" at position #2 of get_terms() has been deprecated since WordPress version 4.5.0. Instead do not pass the parameter.
ERRORI18nMissing Arg Domain5
- Category
- I18n
- Occurrences
- 5
- Severity
- error
Sample message
Missing $domain parameter in function call to __().
External Connections
Not analyzed yet.
Score History
First score snapshot
v8.3.5
22
Latest
- Findings
- 4,249
- Errors
- 3,308
- Warnings
- 941
- Check
- 2.0.0
| Scan | Score | Findings | Errors | Warnings | Plugin | Check |
|---|---|---|---|---|---|---|
| Latest | 22 | 4,249 | 3,308 | 941 | v8.3.5 | 2.0.0 |
Relationship Map
Author, categories, issues, domains, and nearby plugins.
Relationship links
Plugin
Author
Category
Issue
Related
Plugin
Author
Category
Issue
Related
Related Plugins
3k+ active installs
1k+ active installs
30k+ active installs