EmailKit is a powerful WordPress and WooCommerce email customizer tool, free for everyone! It allows users to customize and design templates that show …
Category Scores
Top Issues by Category
maintainability87
security9
repo_compliance2
Issues Details
99 issues found in latest scan
Detected usage of meta_query, possible slow query.
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$count".
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "active_plugins".
Processing form data without nonce verification.
Resource version not set in call to wp_register_style(). This means new versions of the style may not always be loaded due to browser caching.
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "$this->text_domain.'/pro_awareness/after_grid_contents'".
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
The "/pro" prefix is not a valid namespace/function/class/variable/constant prefix in PHP.
print_r() found. Debug code should not normally be used in production.
Processing form data without nonce verification.
Detected usage of a non-sanitized input variable: $_POST['emailkit_template_content_html']
Detected usage of a possibly undefined superglobal array index: $_POST['settings']['newsletter_email']. Check that the array index exists before using it.
Version parameter is not explicitly set or has been set to an equivalent of "false" for wp_enqueue_script; This means that the WordPress core version will be used which is not recommended for plugin or theme development.
The $text parameter must be a single text string literal. Found: sprintf( 'order #%1$s is completed', $order_id )
Plugin name "EmailKit - Email Customizer for WooCommerce & WP" is different from the name declared in plugin header "EmailKit".
The "/vendor" directory using composer exists, but "composer.json" file is missing.
The "Short Description" section is missing. An excerpt was generated from your main plugin description.
One or more tags were ignored. Please limit your plugin to 5 tags.
The plugin name includes a restricted term. Your chosen plugin name - "EmailKit - Email Customizer for WooCommerce & WP" - contains the restricted term "wp" which cannot be used at all in your plugin name.
Function "str_contains()" requires WordPress 5.9.0, but your plugin minimum supported version is WordPress 5.0.0.
| Code | Type | Message | Count |
|---|---|---|---|
| WordPress.DB.SlowDBQuery.slow_db_query_meta_query | WARNING | Detected usage of meta_query, possible slow query. | 29 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound | WARNING | Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$count". | 20 |
| missing_direct_file_access_protection | ERROR | PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit; | 15 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound | WARNING | Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "active_plugins". | 9 |
| WordPress.Security.NonceVerification.Recommended | WARNING | Processing form data without nonce verification. | 6 |
| WordPress.WP.EnqueuedResourceParameters.MissingVersion | WARNING | Resource version not set in call to wp_register_style(). This means new versions of the style may not always be loaded due to browser caching. | 3 |
| WordPress.NamingConventions.PrefixAllGlobals.DynamicHooknameFound | WARNING | Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "$this->text_domain.'/pro_awareness/after_grid_contents'". | 2 |
| WordPress.DB.DirectDatabaseQuery.DirectQuery | WARNING | Use of a direct database call is discouraged. | 1 |
| WordPress.DB.DirectDatabaseQuery.NoCaching | WARNING | Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete(). | 1 |
| WordPress.NamingConventions.PrefixAllGlobals.InvalidPrefixPassed | WARNING | The "/pro" prefix is not a valid namespace/function/class/variable/constant prefix in PHP. | 1 |
| WordPress.PHP.DevelopmentFunctions.error_log_print_r | WARNING | print_r() found. Debug code should not normally be used in production. | 1 |
| WordPress.Security.NonceVerification.Missing | WARNING | Processing form data without nonce verification. | 1 |
| WordPress.Security.ValidatedSanitizedInput.InputNotSanitized | WARNING | Detected usage of a non-sanitized input variable: $_POST['emailkit_template_content_html'] | 1 |
| WordPress.Security.ValidatedSanitizedInput.InputNotValidated | WARNING | Detected usage of a possibly undefined superglobal array index: $_POST['settings']['newsletter_email']. Check that the array index exists before using it. | 1 |
| WordPress.WP.EnqueuedResourceParameters.NoExplicitVersion | ERROR | Version parameter is not explicitly set or has been set to an equivalent of "false" for wp_enqueue_script; This means that the WordPress core version will be used which is not recommended for plugin or theme development. | 1 |
| WordPress.WP.I18n.NonSingularStringLiteralText | ERROR | The $text parameter must be a single text string literal. Found: sprintf( 'order #%1$s is completed', $order_id ) | 1 |
| mismatched_plugin_name | WARNING | Plugin name "EmailKit - Email Customizer for WooCommerce & WP" is different from the name declared in plugin header "EmailKit". | 1 |
| missing_composer_json_file | WARNING | The "/vendor" directory using composer exists, but "composer.json" file is missing. | 1 |
| readme_parser_warnings_no_short_description_present | WARNING | The "Short Description" section is missing. An excerpt was generated from your main plugin description. | 1 |
| readme_parser_warnings_too_many_tags | WARNING | One or more tags were ignored. Please limit your plugin to 5 tags. | 1 |
| trademarked_term | WARNING | The plugin name includes a restricted term. Your chosen plugin name - "EmailKit - Email Customizer for WooCommerce & WP" - contains the restricted term "wp" which cannot be used at all in your plugin name. | 1 |
| wp_function_not_compatible_with_requires_wp | ERROR | Function "str_contains()" requires WordPress 5.9.0, but your plugin minimum supported version is WordPress 5.0.0. | 1 |
Latest Snapshot
Findings
99
Errors
18
Warnings
81
Score History
First score snapshot
First scan completed Jun 20, 2026
v1.6.6 · Plugin Check 2.0.0 · Model 2026.06-mvp-static-v2
Jun 20, 2026
v1.6.6
73
Latest
- Findings
- 99
- Errors
- 18
- Warnings
- 81
- Plugin Check
- 2.0.0
- Model
- 2026.06-mvp-static-v2
| Scan | Score | Findings | Errors | Warnings | Plugin | Plugin Check | Model |
|---|---|---|---|---|---|---|---|
| Jun 20, 2026Latest | 73 | 99 | 18 | 81 | v1.6.6 | 2.0.0 | 2026.06-mvp-static-v2 |
