The easiest way to accept bookings on WordPress for free. Set up a beautiful appointment booking form for your business in minutes — no coding needed.
Category Scores
Top Issues by Category
maintainability637
security62
Issues Details
704 issues found in latest scan
Possible use of ASP style opening tags detected; found: <% _.each(cache.Locations,function(item,ke...
Function "get_rest_url()" requires WordPress 4.4.0, but your plugin minimum supported version is WordPress 3.7.0.
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"<td>{$row->start}</td>\n'.
Use placeholders and $wpdb->prepare(); found interpolated variable $ids_in at WHERE app_id IN ($ids_in)\n
Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "EAAdminPanel".
No PHP code was found in this file and short open tags are not allowed by this install of PHP. This file may be using short open tags but PHP does not allow them.
Unescaped parameter $appointments_table used in $wpdb->query()\n$appointments_table assigned unsafely at line 425.
$_GET['_wpnonce'] not unslashed before sanitization. Use wp_unslash() or similar
Unescaped parameter $table_fields used in $wpdb->get_results()\n$table_fields assigned unsafely at line 249.
date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.
Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "EA_JS_DIR".
Processing form data without nonce verification.
Detected usage of a non-sanitized input variable: $_FILES['file']['error']
Possible use of ASP style short opening tags detected; found: <%= item.label %> <% if (item.required == "...
Incorrect number of replacements passed to $wpdb->prepare(). Found 2 replacement parameters, expected 1.
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "ea_staff_created".
The $text parameter must be a single text string literal. Found: $item->label
Replacement variables found, but no valid placeholders found in the query.
Detected usage of a possibly undefined superglobal array index: $_FILES['file']['error']. Check that the array index exists before using it.
| Code | Type | Message | Count |
|---|---|---|---|
| Generic.PHP.DisallowAlternativePHPTags.MaybeASPOpenTagFound | WARNING | Possible use of ASP style opening tags detected; found: <% _.each(cache.Locations,function(item,ke... | 465 |
| wp_function_not_compatible_with_requires_wp | ERROR | Function "get_rest_url()" requires WordPress 4.4.0, but your plugin minimum supported version is WordPress 3.7.0. | 77 |
| missing_direct_file_access_protection | ERROR | PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit; | 26 |
| WordPress.DB.DirectDatabaseQuery.DirectQuery | WARNING | Use of a direct database call is discouraged. | 17 |
| WordPress.DB.DirectDatabaseQuery.NoCaching | WARNING | Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete(). | 17 |
| WordPress.Security.EscapeOutput.OutputNotEscaped | ERROR | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"<td>{$row->start}</td>\n'. | 16 |
| WordPress.DB.PreparedSQL.InterpolatedNotPrepared | WARNING | Use placeholders and $wpdb->prepare(); found interpolated variable $ids_in at WHERE app_id IN ($ids_in)\n | 14 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedClassFound | WARNING | Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "EAAdminPanel". | 12 |
| Internal.NoCodeFound | WARNING | No PHP code was found in this file and short open tags are not allowed by this install of PHP. This file may be using short open tags but PHP does not allow them. | 9 |
| PluginCheck.Security.DirectDB.UnescapedDBParameter | WARNING | Unescaped parameter $appointments_table used in $wpdb->query()\n$appointments_table assigned unsafely at line 425. | 8 |
| WordPress.Security.ValidatedSanitizedInput.MissingUnslash | WARNING | $_GET['_wpnonce'] not unslashed before sanitization. Use wp_unslash() or similar | 6 |
| PluginCheck.Security.DirectDB.UnescapedDBParameter | ERROR | Unescaped parameter $table_fields used in $wpdb->get_results()\n$table_fields assigned unsafely at line 249. | 5 |
| WordPress.DateTime.RestrictedFunctions.date_date | ERROR | date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead. | 4 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedConstantFound | WARNING | Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "EA_JS_DIR". | 4 |
| WordPress.Security.NonceVerification.Recommended | WARNING | Processing form data without nonce verification. | 4 |
| WordPress.Security.ValidatedSanitizedInput.InputNotSanitized | WARNING | Detected usage of a non-sanitized input variable: $_FILES['file']['error'] | 3 |
| Generic.PHP.DisallowAlternativePHPTags.MaybeASPShortOpenTagFound | WARNING | Possible use of ASP style short opening tags detected; found: <%= item.label %> <% if (item.required == "... | 2 |
| WordPress.DB.PreparedSQL.NotPrepared | ERROR | Use placeholders and $wpdb->prepare(); found $total_sql | 2 |
| WordPress.DB.PreparedSQLPlaceholders.ReplacementsWrongNumber | WARNING | Incorrect number of replacements passed to $wpdb->prepare(). Found 2 replacement parameters, expected 1. | 2 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound | WARNING | Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "ea_staff_created". | 2 |
| WordPress.WP.I18n.NonSingularStringLiteralText | ERROR | The $text parameter must be a single text string literal. Found: $item->label | 2 |
| WordPress.DB.PreparedSQLPlaceholders.UnfinishedPrepare | WARNING | Replacement variables found, but no valid placeholders found in the query. | 1 |
| WordPress.Security.ValidatedSanitizedInput.InputNotValidated | WARNING | Detected usage of a possibly undefined superglobal array index: $_FILES['file']['error']. Check that the array index exists before using it. | 1 |
| badly_named_files | ERROR | File and folder names must not contain spaces or special characters. | 1 |
| library_core_files | ERROR | Library files that are already in the WordPress core are not permitted. | 1 |
Latest Snapshot
Findings
704
Errors
135
Warnings
569
Score History
First score snapshot
First scan completed Jun 20, 2026
v3.12.26 · Plugin Check 2.0.0 · Model 2026.06-mvp-static-v2
Jun 20, 2026
v3.12.26
26
Latest
- Findings
- 704
- Errors
- 135
- Warnings
- 569
- Plugin Check
- 2.0.0
- Model
- 2026.06-mvp-static-v2
| Scan | Score | Findings | Errors | Warnings | Plugin | Plugin Check | Model |
|---|---|---|---|---|---|---|---|
| Jun 20, 2026Latest | 26 | 704 | 135 | 569 | v3.12.26 | 2.0.0 | 2026.06-mvp-static-v2 |
