PluginScore

Drip for Gravity Forms

Integrates Gravity Forms with personalized Email Marketing tool Drip.

v2.1.2getdripUpdated Added 500 installs74% rating
GravityFormsdripemailgetdripgravity forms
39
Score
41
Errors
21
Warnings
+0
Change

Category Scores

Security0
Repo91
Performance100
Maintainability78

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

62 findings

Security

31

6 issue groups

Maintainability

24

11 issue groups

I18n

5

3 issue groups

Repo Compliance

2

2 issue groups

ERRORSecurityUnsafe printing functionAll output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.19
Category
Security
Occurrences
19
Severity
error

Sample message

All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.

WordPress.Security.EscapeOutput.UnsafePrintingFunctionReference
WARNINGMaintainabilityerror log print rprint_r() found. Debug code should not normally be used in production.10
Category
Maintainability
Occurrences
10
Severity
warning

Sample message

print_r() found. Debug code should not normally be used in production.

WordPress.PHP.DevelopmentFunctions.error_log_print_r
ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$current_user'.8
Category
Security
Occurrences
8
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$current_user'.

WordPress.Security.EscapeOutput.OutputNotEscapedReference
ERRORMaintainabilitywp function not compatible with requires wpFunction "self_admin_url()" requires WordPress 3.1.0, but your plugin minimum supported version is WordPress 3.0.1.5
Category
Maintainability
Occurrences
5
Severity
error

Sample message

Function "self_admin_url()" requires WordPress 3.1.0, but your plugin minimum supported version is WordPress 3.0.1.

wp_function_not_compatible_with_requires_wpReference
ERRORI18nMissing Translators CommentA function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.3
Category
I18n
Occurrences
3
Severity
error

Sample message

A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

WordPress.WP.I18n.MissingTranslatorsCommentReference
WARNINGI18nDiscouraged text-domain loadingload_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed.1
Category
I18n
Occurrences
1
Severity
warning

Sample message

load_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed.

PluginCheck.CodeAnalysis.DiscouragedFunctions.load_plugin_textdomainFoundReference
ERRORMaintainabilityOffloaded ContentOffloading images, js, css, and other scripts to your servers or any remote service is disallowed.1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

Offloading images, js, css, and other scripts to your servers or any remote service is disallowed.

PluginCheck.CodeAnalysis.Offloading.OffloadedContent
ERRORSecurityDatabase parameter is not escapedUnescaped parameter $sql used in $wpdb->get_results()\n$sql assigned unsafely at line 1478.1
Category
Security
Occurrences
1
Severity
error

Sample message

Unescaped parameter $sql used in $wpdb->get_results()\n$sql assigned unsafely at line 1478.

PluginCheck.Security.DirectDB.UnescapedDBParameter
WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Use of a direct database call is discouraged.

WordPress.DB.DirectDatabaseQuery.DirectQuery
WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

WordPress.DB.DirectDatabaseQuery.NoCaching
Show 12 more
ERRORSecuritySQL query is not prepared1
Category
Security
Occurrences
1
Severity
error

Sample message

Use placeholders and $wpdb->prepare(); found $sql

WordPress.DB.PreparedSQL.NotPrepared
WARNINGMaintainabilityNon-prefixed class1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "GetDrip_WP_API".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedClassFound
WARNINGMaintainabilityNon-prefixed hook name1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "plugin_locale".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound
WARNINGMaintainabilityNon-prefixed global variable1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$gravityformsdrip".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound
WARNINGSecurityNonce verification recommended1
Category
Security
Occurrences
1
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Recommended
WARNINGSecuritywp redirect wp redirect1
Category
Security
Occurrences
1
Severity
warning

Sample message

wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.

WordPress.Security.SafeRedirect.wp_redirect_wp_redirectReference
ERRORI18nUnordered Placeholders Text1
Category
I18n
Occurrences
1
Severity
error

Sample message

Multiple placeholders in translatable strings should be ordered. Expected "%1$s, %2$s", but got "%s, %s" in 'Enter your Drip API token. You can find it in your Drip account %shere%s (General Settings)'.

WordPress.WP.I18n.UnorderedPlaceholdersTextReference
WARNINGMaintainabilitymismatched plugin name1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Plugin name "Drip for Gravity Forms" is different from the name declared in plugin header "Gravity Forms Drip Add-On".

mismatched_plugin_nameReference
ERRORMaintainabilityMissing direct file access protection1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

missing_direct_file_access_protectionReference
ERRORRepo Complianceoutdated tested upto header1
Category
Repo Compliance
Occurrences
1
Severity
error

Sample message

Tested up to: 6.8 < 7.0. The "Tested up to" value in your plugin is not set to the current version of WordPress. This means your plugin will not show up in searches, as we require plugins to be compatible and documented as tested up to the most recent version of WordPress.

outdated_tested_upto_headerReference
WARNINGRepo Compliancereadme parser warnings too many tags1
Category
Repo Compliance
Occurrences
1
Severity
warning

Sample message

One or more tags were ignored. Please limit your plugin to 5 tags.

readme_parser_warnings_too_many_tags
WARNINGMaintainabilitytrademarked term1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

The plugin name includes a restricted term. Your chosen plugin name - "Gravity Forms Drip Add-On" - contains the restricted term "gravity-forms" and cannot be used to begin your plugin name. We disallow the use of certain terms in ways that are abused, or potentially infringe on and/or are misleading with regards to trademarks. You may use the term "gravity-forms" elsewhere in your plugin name, such as "... for gravity-forms".

trademarked_term

External Connections

Potential connections found in static code analysis.

5 domains

Outbound calls

13

External assets

1

Incoming endpoints

2

Notable Domains

getdrip.com8 · outbound
api.getdrip.com1 · outbound
kb.getdrip.com1 · outbound

Platform / Reference Domains

gnu.org1 · platform/reference

External Asset Domains

gravityplus.pro3 · asset + outbound

Incoming Endpoints

No public endpoints detected.

Admin AJAX endpoints2
wp_ajax_gf_dismiss_drip_menuauthenticated

wp_ajax

wp_ajax_gf_get_drip_field_guideauthenticated

wp_ajax

Score History

First score snapshot

v2.1.2

39

Latest

Findings
62
Errors
41
Warnings
21
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

32 nodes

Related Plugins

Block for Mailchimp – Add Email Subscription Forms and Collect Leads

2k+ active installs

100
Contact Form Query

1k+ active installs

100
Configure SMTP

6k+ active installs

99
Email Address Obfuscation

2k+ active installs

99
Stop WP Emails Going to Spam

10k+ active installs

99
Surbma | Divi & Gravity Forms

9k+ active installs

99