Reset theme customizations made via WordPress Customizer with backup, export, and import features.
Category Scores
Top Issues by Category
maintainability10
security6
supply_chain1
Issues Details
18 issues found in latest scan
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$entry['count']'.
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "customize_save".
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
load_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed.
Simple placeholders should not be quoted in the query string in $wpdb->prepare(). Found: '%s'.
Detected usage of a non-sanitized input variable: $_POST['import_data']
unlink() is discouraged. Use wp_delete_file() to delete a file.
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
The plugin slug includes a restricted term. Your plugin slug - "customizer-reset-by-wpzoom" - contains the restricted term "wp" which cannot be used at all in your plugin slug.
| Code | Type | Message | Count |
|---|---|---|---|
| WordPress.Security.EscapeOutput.OutputNotEscaped | ERROR | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$entry['count']'. | 4 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound | WARNING | Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "customize_save". | 3 |
| WordPress.DB.DirectDatabaseQuery.DirectQuery | WARNING | Use of a direct database call is discouraged. | 2 |
| WordPress.DB.DirectDatabaseQuery.NoCaching | WARNING | Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete(). | 2 |
| PluginCheck.CodeAnalysis.DiscouragedFunctions.load_plugin_textdomainFound | WARNING | load_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed. | 1 |
| WordPress.DB.PreparedSQLPlaceholders.QuotedSimplePlaceholder | ERROR | Simple placeholders should not be quoted in the query string in $wpdb->prepare(). Found: '%s'. | 1 |
| WordPress.Security.ValidatedSanitizedInput.InputNotSanitized | WARNING | Detected usage of a non-sanitized input variable: $_POST['import_data'] | 1 |
| WordPress.WP.AlternativeFunctions.unlink_unlink | ERROR | unlink() is discouraged. Use wp_delete_file() to delete a file. | 1 |
| hidden_files | ERROR | Hidden files are not permitted. | 1 |
| missing_direct_file_access_protection | ERROR | PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit; | 1 |
| trademarked_term | WARNING | The plugin slug includes a restricted term. Your plugin slug - "customizer-reset-by-wpzoom" - contains the restricted term "wp" which cannot be used at all in your plugin slug. | 1 |
Latest Snapshot
Findings
18
Errors
8
Warnings
10
Score History
First score snapshot
First scan completed
v2.2.0 · Plugin Check 2.0.0 · Model 2026.06-mvp-static-v2
v2.2.0
35
Latest
- Findings
- 18
- Errors
- 8
- Warnings
- 10
- Plugin Check
- 2.0.0
- Model
- 2026.06-mvp-static-v2
| Scan | Score | Findings | Errors | Warnings | Plugin | Plugin Check | Model |
|---|---|---|---|---|---|---|---|
| Latest | 35 | 18 | 8 | 10 | v2.2.0 | 2.0.0 | 2026.06-mvp-static-v2 |
