Email Validator for Contact Form 7

Email validation for Contact Form 7. Reduce registration spam with invalid email, block disposable and block free email.

v1.8.3MailboxValidatorUpdated Added 500 installs80% rating
35
Score
111
Errors
74
Warnings
+0
Change

Category Scores

Security0
Repo86
Performance100
Maintainability61

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

185 findings

Security

115

9 issue groups

Maintainability

48

10 issue groups

I18n

18

6 issue groups

ERRORSecuritySQL query is not preparedUse placeholders and $wpdb->prepare(); found $datetime_started35
Category
Security
Occurrences
35
Severity
error

Sample message

Use placeholders and $wpdb->prepare(); found $datetime_started

ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$blacklisted_domains'.30
Category
Security
Occurrences
30
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$blacklisted_domains'.

ERRORMaintainabilitystrip tags strip tagsstrip_tags() is discouraged. Use the more comprehensive wp_strip_all_tags() instead.12
Category
Maintainability
Occurrences
12
Severity
error

Sample message

strip_tags() is discouraged. Use the more comprehensive wp_strip_all_tags() instead.

WARNINGSecurityDatabase parameter is not escapedUnescaped parameter $table_name used in $wpdb->get_results()\n$table_name assigned unsafely at line 166.10
Category
Security
Occurrences
10
Severity
warning

Sample message

Unescaped parameter $table_name used in $wpdb->get_results()\n$table_name assigned unsafely at line 166.

WARNINGSecurityMissing nonce verificationProcessing form data without nonce verification.10
Category
Security
Occurrences
10
Severity
warning

Sample message

Processing form data without nonce verification.

WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.9
Category
Maintainability
Occurrences
9
Severity
warning

Sample message

Use of a direct database call is discouraged.

WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().9
Category
Maintainability
Occurrences
9
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

WARNINGSecurityRequest data is not unslashed$_GET['tab'] not unslashed before sanitization. Use wp_unslash() or similar9
Category
Security
Occurrences
9
Severity
warning

Sample message

$_GET['tab'] not unslashed before sanitization. Use wp_unslash() or similar

WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_GET['tab']8
Category
Security
Occurrences
8
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_GET['tab']

ERRORMaintainabilityPlugin Directory WritePlugin folders are deleted when upgraded. Do not save data to the plugin folder using file_put_contents(). Detected usage of __FILE__ or __DIR__ magic constant. Use wp_upload_dir() to get the uploads directory path or save to the database instead.6
Category
Maintainability
Occurrences
6
Severity
error

Sample message

Plugin folders are deleted when upgraded. Do not save data to the plugin folder using file_put_contents(). Detected usage of __FILE__ or __DIR__ magic constant. Use wp_upload_dir() to get the uploads directory path or save to the database instead.

Show 15 more
WARNINGSecurityInput is not validated6
Category
Security
Occurrences
6
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_GET['activate']. Check that the array index exists before using it.

ERRORI18nNo Empty Strings6
Category
I18n
Occurrences
6
Severity
error

Sample message

The $text text string should have translatable content. Found: ''

ERRORI18nNon Singular String Literal Text6
Category
I18n
Occurrences
6
Severity
error

Sample message

The $text parameter must be a single text string literal. Found: $options['custom_domain_error_message'] ?? 'This email address domain has been denied access.'

WARNINGSecurityNonce verification recommended5
Category
Security
Occurrences
5
Severity
warning

Sample message

Processing form data without nonce verification.

WARNINGMaintainabilityMissing Version4
Category
Maintainability
Occurrences
4
Severity
warning

Sample message

Resource version not set in call to wp_enqueue_script(). This means new versions of the script may not always be loaded due to browser caching.

ERRORMaintainabilitydate date3
Category
Maintainability
Occurrences
3
Severity
error

Sample message

date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.

ERRORI18nMissing Translators Comment3
Category
I18n
Occurrences
3
Severity
error

Sample message

A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

ERRORMaintainabilityOffloaded Content2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

Found call to wp_enqueue_script() with external resource. Offloading scripts to your servers or any remote service is disallowed.

ERRORSecurityUnsafe printing function2
Category
Security
Occurrences
2
Severity
error

Sample message

All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.

WARNINGI18nDiscouraged text-domain loading1
Category
I18n
Occurrences
1
Severity
warning

Sample message

load_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed.

WARNINGMaintainabilitySchema Change1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Attempting a database schema change is discouraged.

ERRORI18nMissing Arg Domain1
Category
I18n
Occurrences
1
Severity
error

Sample message

Missing $domain parameter in function call to __().

ERRORI18nNon Singular String Literal Domain1
Category
I18n
Occurrences
1
Severity
error

Sample message

The $domain parameter must be a single text string literal. Found: $plugin_name

ERRORMaintainabilityfive star reviews detected1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

Linking directly to 5 stars reviews is not allowed.

WARNINGMaintainabilitymissing composer json file1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

The "/vendor" directory using composer exists, but "composer.json" file is missing.

External Connections

Potential connections found in static code analysis.

7 domains

Outbound calls

19

External assets

2

Incoming endpoints

1

Notable Domains

php-fig.org2 · outbound

Platform / Reference Domains

developer.wordpress.org1 · platform/reference
gnu.org1 · platform/reference
wordpress.org1 · platform/reference

External Asset Domains

cdnjs.cloudflare.com3 · asset + outbound

Incoming Endpoints

No public endpoints detected.

Admin AJAX endpoints1
wp_ajax_email_validator_for_contact_form_7_submit_feedbackauthenticated

wp_ajax

Score History

First score snapshot

v1.8.3

35

Latest

Findings
185
Errors
111
Warnings
74
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

32 nodes

Related Plugins

DS CF7 Math Captcha

10k+ active installs

100
100
Style Contact Form 7

1k+ active installs

100
Masks Form Fields

9k+ active installs

99