Easily replace any attached image/file by simply uploading a new file in the Media Library edit view - a real time saver!
Category Scores
Issues to Review
Prioritized issue groups from the latest Plugin Check scan
Security
230
9 issue groups
Maintainability
187
13 issue groups
I18n
39
3 issue groups
ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"'><span class='label'>$display_size</span></div>"'.75
- Category
- Security
- Occurrences
- 75
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"'><span class='label'>$display_size</span></div>"'.
WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$activate_class".67
- Category
- Maintainability
- Occurrences
- 67
- Severity
- warning
Sample message
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$activate_class".
WARNINGMaintainabilityNon-prefixed hook nameHook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "breeze_clear_all_cache".56
- Category
- Maintainability
- Occurrences
- 56
- Severity
- warning
Sample message
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "breeze_clear_all_cache".
WARNINGSecurityMissing nonce verificationProcessing form data without nonce verification.37
- Category
- Security
- Occurrences
- 37
- Severity
- warning
Sample message
Processing form data without nonce verification.
ERRORSecurityUnsafe printing functionAll output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.32
- Category
- Security
- Occurrences
- 32
- Severity
- error
Sample message
All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.
WARNINGSecurityRequest data is not unslashed$_GET['action'] not unslashed before sanitization. Use wp_unslash() or similar23
- Category
- Security
- Occurrences
- 23
- Severity
- warning
Sample message
$_GET['action'] not unslashed before sanitization. Use wp_unslash() or similar
ERRORI18nMissing Translators CommentA function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.19
- Category
- I18n
- Occurrences
- 19
- Severity
- error
Sample message
A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.
WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.16
- Category
- Security
- Occurrences
- 16
- Severity
- warning
Sample message
Processing form data without nonce verification.
WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_FILES['userfile']15
- Category
- Security
- Occurrences
- 15
- Severity
- warning
Sample message
Detected usage of a non-sanitized input variable: $_FILES['userfile']
ERRORSecuritySQL query is not preparedUse placeholders and $wpdb->prepare(); found $posts_sql13
- Category
- Security
- Occurrences
- 13
- Severity
- error
Sample message
Use placeholders and $wpdb->prepare(); found $posts_sql
Show 15 moreShow less
WARNINGSecurityInput is not validated13
- Category
- Security
- Occurrences
- 13
- Severity
- warning
Sample message
Detected usage of a possibly undefined superglobal array index: $_FILES['userfile']. Check that the array index exists before using it.
ERRORI18nUnordered Placeholders Text13
- Category
- I18n
- Occurrences
- 13
- Severity
- error
Sample message
Multiple placeholders in translatable strings should be ordered. Expected "%1$s, %2$s", but got "%s, %s" in '%s f %s exceeds the maximum upload size for this site.'.
WARNINGMaintainabilityDirect Query10
- Category
- Maintainability
- Occurrences
- 10
- Severity
- warning
Sample message
Use of a direct database call is discouraged.
WARNINGMaintainabilityNo Caching9
- Category
- Maintainability
- Occurrences
- 9
- Severity
- warning
Sample message
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
ERRORI18nText Domain Mismatch7
- Category
- I18n
- Occurrences
- 7
- Severity
- error
Sample message
Mismatched text domain. Expected 'enable-media-replace' but got 'enable-media-replace/'.
ERRORMaintainabilityMissing direct file access protection7
- Category
- Maintainability
- Occurrences
- 7
- Severity
- error
Sample message
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
ERRORSecurityDatabase parameter is not escaped6
- Category
- Security
- Occurrences
- 6
- Severity
- error
Sample message
Unescaped parameter $prepared_sql used in $wpdb->query()\n$prepared_sql assigned unsafely at line 354.
WARNINGMaintainabilityNon-prefixed function6
- Category
- Maintainability
- Occurrences
- 6
- Severity
- warning
Sample message
Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "emr".
WARNINGMaintainabilityerror log print r5
- Category
- Maintainability
- Occurrences
- 5
- Severity
- warning
Sample message
print_r() found. Debug code should not normally be used in production.
ERRORMaintainabilityfile system operations chmod5
- Category
- Maintainability
- Occurrences
- 5
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: chmod().
ERRORMaintainabilityparse url parse url5
- Category
- Maintainability
- Occurrences
- 5
- Severity
- error
Sample message
parse_url() is discouraged because of inconsistency in the output across PHP versions; use wp_parse_url() instead.
ERRORMaintainabilitywp function not compatible with requires wp5
- Category
- Maintainability
- Occurrences
- 5
- Severity
- error
Sample message
Function "wp_date()" requires WordPress 5.3.0, but your plugin minimum supported version is WordPress 4.9.7.
WARNINGMaintainabilityerror log debug backtrace4
- Category
- Maintainability
- Occurrences
- 4
- Severity
- warning
Sample message
debug_backtrace() found. Debug code should not normally be used in production.
ERRORMaintainabilityfile system operations is writable4
- Category
- Maintainability
- Occurrences
- 4
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: is_writable().
WARNINGMaintainabilityMissing Version4
- Category
- Maintainability
- Occurrences
- 4
- Severity
- warning
Sample message
Resource version not set in call to wp_register_style(). This means new versions of the style may not always be loaded due to browser caching.
External Connections
Potential connections found in static code analysis.
Outbound calls
29
External assets
0
Incoming endpoints
3
Notable Domains
Platform / Reference Domains
External Asset Domains
No external asset domains detected.
Incoming Endpoints
No public endpoints detected.
Admin AJAX endpoints3
wp_ajax
wp_ajax
wp_ajax
Score History
3 score snapshots
v4.2.2
24
Latest
- Findings
- 488
- Errors
- 212
- Warnings
- 276
- Check
- 2.0.0
v4.2.1
24
Score
- Findings
- 490
- Errors
- 214
- Warnings
- 276
- Check
- 2.0.0
| Scan | Score | Findings | Errors | Warnings | Plugin | Check |
|---|---|---|---|---|---|---|
| Latest | 24 | 488 | 212 | 276 | v4.2.2 | 2.0.0 |
| 24 | 490 | 214 | 276 | v4.2.1 | 2.0.0 |
Relationship Map
Author, categories, issues, domains, and nearby plugins.