EasyIndex

Wordpress indexes made easy! EasyIndex makes post indexes, recipe indexes, product indexes and more in just minutes. Easy to use, easy to customize.

v1.1.1704Jayce53Updated 7 years agoAdded 11 years ago1k+ installs84% rating

Post Gallery index product index recipe index thumbnail gallery

Score

Errors

135

Warnings

Change

Category Scores

Security0

Repo86

Performance100

Maintainability53

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

209 findings

Security

133

11 issue groups

Maintainability

13 issue groups

I18n

1 issue group

WARNINGSecurityMissing nonce verificationProcessing form data without nonce verification.34

Category: Security
Occurrences: 34
Severity: warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Missing

ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"'$val'\n"'.24

Category: Security
Occurrences: 24
Severity: error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"'$val'\n"'.

WordPress.Security.EscapeOutput.OutputNotEscaped Reference

WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_GET['eilast']17

Category: Security
Occurrences: 17
Severity: warning

Sample message

Detected usage of a non-sanitized input variable: $_GET['eilast']

WordPress.Security.ValidatedSanitizedInput.InputNotSanitized

WARNINGSecurityRequest data is not unslashed$_GET['eilast'] not unslashed before sanitization. Use wp_unslash() or similar17

Category: Security
Occurrences: 17
Severity: warning

Sample message

$_GET['eilast'] not unslashed before sanitization. Use wp_unslash() or similar

WordPress.Security.ValidatedSanitizedInput.MissingUnslash

WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.13

Category: Security
Occurrences: 13
Severity: warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Recommended

WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.12

Category: Maintainability
Occurrences: 12
Severity: warning

Sample message

Use of a direct database call is discouraged.

WordPress.DB.DirectDatabaseQuery.DirectQuery

WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().12

Category: Maintainability
Occurrences: 12
Severity: warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

WordPress.DB.DirectDatabaseQuery.NoCaching

ERRORSecuritySQL query is not preparedUse placeholders and $wpdb->prepare(); found $q12

Category: Security
Occurrences: 12
Severity: error

Sample message

Use placeholders and $wpdb->prepare(); found $q

WordPress.DB.PreparedSQL.NotPrepared

WARNINGMaintainabilityerror log trigger errortrigger_error() found. Debug code should not normally be used in production.11

Category: Maintainability
Occurrences: 11
Severity: warning

Sample message

trigger_error() found. Debug code should not normally be used in production.

WordPress.PHP.DevelopmentFunctions.error_log_trigger_error

ERRORMaintainabilityNot AllowedUse of heredoc syntax (<<<) is not allowed; use standard strings or inline HTML instead10

Category: Maintainability
Occurrences: 10
Severity: error

Sample message

Use of heredoc syntax (<<<) is not allowed; use standard strings or inline HTML instead

PluginCheck.CodeAnalysis.Heredoc.NotAllowed

Show 15 more

ERRORSecurityDatabase parameter is not escaped7

Category: Security
Occurrences: 7
Severity: error

Sample message

Unescaped parameter $q used in $wpdb->get_col()\n$q assigned unsafely at line 1118.

PluginCheck.Security.DirectDB.UnescapedDBParameter

WARNINGMaintainabilityDiscouraged PHP function5

Category: Maintainability
Occurrences: 5
Severity: warning

Sample message

The use of function ini_set() is discouraged

Squiz.PHP.DiscouragedFunctions.Discouraged

WARNINGMaintainabilityDeprecated parameter: get_terms parameter 25

Category: Maintainability
Occurrences: 5
Severity: warning

Sample message

The parameter "$args" at position #2 of get_terms() has been deprecated since WordPress version 4.5.0. Instead do not pass the parameter.

WordPress.WP.DeprecatedParameters.Get_termsParam2Found

ERRORSecurityHeredoc Output Not Escaped4

Category: Security
Occurrences: 4
Severity: error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found interpolation in unescaped heredoc.

WordPress.Security.EscapeOutput.HeredocOutputNotEscaped Reference

WARNINGSecurityInput is not validated3

Category: Security
Occurrences: 3
Severity: warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_POST['EasyIndex']. Check that the array index exists before using it.

WordPress.Security.ValidatedSanitizedInput.InputNotValidated

ERRORI18nMissing Arg Domain3

Category: I18n
Occurrences: 3
Severity: error

Sample message

Missing $domain parameter in function call to __().

WordPress.WP.I18n.MissingArgDomain Reference

ERRORMaintainabilityfile system operations is writeable2

Category: Maintainability
Occurrences: 2
Severity: error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: is_writeable().

WordPress.WP.AlternativeFunctions.file_system_operations_is_writeable

WARNINGMaintainabilityerror log print r1

Category: Maintainability
Occurrences: 1
Severity: warning

Sample message

print_r() found. Debug code should not normally be used in production.

WordPress.PHP.DevelopmentFunctions.error_log_print_r

WARNINGMaintainabilityprevent path disclosure error reporting1

Category: Maintainability
Occurrences: 1
Severity: warning

Sample message

error_reporting() can lead to full path disclosure.

WordPress.PHP.DevelopmentFunctions.prevent_path_disclosure_error_reporting

WARNINGMaintainabilityprevent path disclosure phpinfo1

Category: Maintainability
Occurrences: 1
Severity: warning

Sample message

phpinfo() can lead to full path disclosure.

WordPress.PHP.DevelopmentFunctions.prevent_path_disclosure_phpinfo

ERRORSecurityException output is not escaped1

Category: Security
Occurrences: 1
Severity: error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"Invalid style definition in $styleID"'.

WordPress.Security.EscapeOutput.ExceptionNotEscaped Reference

WARNINGSecuritywp redirect wp redirect1

Category: Security
Occurrences: 1
Severity: warning

Sample message

wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.

WordPress.Security.SafeRedirect.wp_redirect_wp_redirect Reference

ERRORMaintainabilityfile system operations chmod1

Category: Maintainability
Occurrences: 1
Severity: error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: chmod().

WordPress.WP.AlternativeFunctions.file_system_operations_chmod

ERRORMaintainabilityfile system operations mkdir1

Category: Maintainability
Occurrences: 1
Severity: error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: mkdir().

WordPress.WP.AlternativeFunctions.file_system_operations_mkdir

ERRORMaintainabilityfile system operations touch1

Category: Maintainability
Occurrences: 1
Severity: error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: touch().

WordPress.WP.AlternativeFunctions.file_system_operations_touch

External Connections

Potential connections found in static code analysis.

9 domains

Outbound calls

External assets

Incoming endpoints

Notable Domains

easyindexplugin.com9 · outbound

order.easyindexplugin.com4 · outbound

support.easyindexplugin.com4 · outbound

youtu.be4 · outbound

jqueryui.com2 · outbound

gitorious.org1 · outbound

Platform / Reference Domains

github.com2 · platform/reference

opensource.org1 · platform/reference

External Asset Domains

youtube.com1 · asset

Incoming Endpoints

wp_ajax_nopriv_easyindexMorepublic

wp_ajax

Admin AJAX endpoints8

wp_ajax_easyindexCountTaxonomiesauthenticated

wp_ajax

wp_ajax_easyindexCustomCSSauthenticated

wp_ajax

wp_ajax_easyindexGenerateThumbsauthenticated

wp_ajax

wp_ajax_easyindexMoreauthenticated

wp_ajax

wp_ajax_easyindexResetSlugsauthenticated

wp_ajax

wp_ajax_easyindexSaveImageauthenticated

wp_ajax

wp_ajax_easyindexSupportauthenticated

wp_ajax

wp_ajax_easyindexTermThumbauthenticated

wp_ajax

Score History

First score snapshot

4 days ago

v1.1.1704

Latest

Findings: 209
Errors: 74
Warnings: 135
Check: 2.0.0

Scan	Score	Findings	Errors	Warnings	Plugin	Check
4 days agoLatest	34	209	74	135	v1.1.1704	2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

35 nodes

Loading map

PluginAuthorCategoryIssueDomainRelated

Relationship links

Issue

Domain

easyindexplugin.com9 signals order.easyindexplugin.com4 signals support.easyindexplugin.com4 signals youtu.be4 signals jqueryui.com2 signals gitorious.org1 signal

Related Plugins

AlphaListing

500 active installs

Heroic Table of Contents

5k+ active installs

No-Indexer

500 active installs

Rapid URL Indexer for WP – Index Websites in Google

1k+ active installs

Index WP Users For Speed

1k+ active installs

Fast Speed Index

500 active installs