PluginScore

Enter Addons – Ultimate Template Builder for Elementor

EnterAddons | Ultimate Addons For WordPress And Elementor

v2.3.4themelooksUpdated Added 1k+ installs100% rating
addonselementorelementor addonselementor widgetelements
32
Score
82
Errors
72
Warnings
+0
Change

Category Scores

Security0
Repo86
Performance100
Maintainability43

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

154 findings

Maintainability

74

17 issue groups

Security

72

7 issue groups

Supply Chain

2

1 issue group

ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$action'.35
Category
Security
Occurrences
35
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$action'.

WordPress.Security.EscapeOutput.OutputNotEscapedReference
WARNINGMaintainabilityNon-prefixed hook nameHook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "after_appsero_license_section".18
Category
Maintainability
Occurrences
18
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "after_appsero_license_section".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound
ERRORMaintainabilitycurl curl setoptUsing cURL functions is highly discouraged. Use wp_remote_get() instead.17
Category
Maintainability
Occurrences
17
Severity
error

Sample message

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

WordPress.WP.AlternativeFunctions.curl_curl_setopt
ERRORMaintainabilityMissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;16
Category
Maintainability
Occurrences
16
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

missing_direct_file_access_protectionReference
WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.15
Category
Security
Occurrences
15
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Recommended
WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_GET['ea_filter_type']12
Category
Security
Occurrences
12
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_GET['ea_filter_type']

WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
WARNINGSecurityRequest data is not unslashed$_GET['ea_filter_type'] not unslashed before sanitization. Use wp_unslash() or similar6
Category
Security
Occurrences
6
Severity
warning

Sample message

$_GET['ea_filter_type'] not unslashed before sanitization. Use wp_unslash() or similar

WordPress.Security.ValidatedSanitizedInput.MissingUnslash
WARNINGMaintainabilityDynamic hook nameHook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "$this->client->slug . '_tracker_data'".4
Category
Maintainability
Occurrences
4
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "$this->client->slug . '_tracker_data'".

WordPress.NamingConventions.PrefixAllGlobals.DynamicHooknameFound
WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$ea_cache_dir_url".4
Category
Maintainability
Occurrences
4
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$ea_cache_dir_url".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound
WARNINGMaintainabilityslow db query meta queryDetected usage of meta_query, possible slow query.2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

Detected usage of meta_query, possible slow query.

WordPress.DB.SlowDBQuery.slow_db_query_meta_query
Show 15 more
WARNINGMaintainabilityNon-prefixed global symbol2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

The "enteraddons/template/after" prefix is not a valid namespace/function/class/variable/constant prefix in PHP.

WordPress.NamingConventions.PrefixAllGlobals.InvalidPrefixPassed
WARNINGSecurityMissing nonce verification2
Category
Security
Occurrences
2
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Missing
ERRORMaintainabilityfile system operations chmod2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: chmod().

WordPress.WP.AlternativeFunctions.file_system_operations_chmod
ERRORSupply ChainHidden files included2
Category
Supply Chain
Occurrences
2
Severity
error

Sample message

Hidden files are not permitted.

hidden_files
WARNINGMaintainabilityNo PHP code found1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

No PHP code was found in this file and short open tags are not allowed by this install of PHP. This file may be using short open tags but PHP does not allow them.

Internal.NoCodeFound
ERRORSecuritySetting is missing a sanitization callback1
Category
Security
Occurrences
1
Severity
error

Sample message

Sanitization missing for register_setting().

PluginCheck.CodeAnalysis.SettingSanitization.register_settingMissingReference
WARNINGMaintainabilityDirect Query1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Use of a direct database call is discouraged.

WordPress.DB.DirectDatabaseQuery.DirectQuery
WARNINGMaintainabilityNo Caching1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

WordPress.DB.DirectDatabaseQuery.NoCaching
WARNINGMaintainabilityslow db query meta key1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Detected usage of meta_key, possible slow query.

WordPress.DB.SlowDBQuery.slow_db_query_meta_key
WARNINGMaintainabilityslow db query meta value1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Detected usage of meta_value, possible slow query.

WordPress.DB.SlowDBQuery.slow_db_query_meta_value
ERRORSecurityException output is not escaped1
Category
Security
Occurrences
1
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$response['message']'.

WordPress.Security.EscapeOutput.ExceptionNotEscapedReference
ERRORMaintainabilitycurl curl close1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

WordPress.WP.AlternativeFunctions.curl_curl_close
ERRORMaintainabilitycurl curl error1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

WordPress.WP.AlternativeFunctions.curl_curl_error
ERRORMaintainabilitycurl curl exec1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

WordPress.WP.AlternativeFunctions.curl_curl_exec
ERRORMaintainabilitycurl curl getinfo1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

WordPress.WP.AlternativeFunctions.curl_curl_getinfo

External Connections

Potential connections found in static code analysis.

31 domains

Outbound calls

100

External assets

4

Incoming endpoints

6

Notable Domains

your-link.com27 · outbound
appsero.com4 · outbound
themelooks.com3 · outbound
api.enteraddons.com2 · outbound
craftpip.github.io2 · outbound
fontawesome.com2 · outbound

Platform / Reference Domains

w3.org15 · platform/reference
github.com8 · platform/reference
gnu.org1 · platform/reference

External Asset Domains

enteraddons.com15 · asset + outbound
youtube.com1 · asset

Incoming Endpoints

wp_ajax_nopriv_editor_library_datapublic

wp_ajax

wp_ajax_nopriv_mailchimp_action_firepublic

wp_ajax

Admin AJAX endpoints4
wp_ajax_appsero_refresh_license_authenticated

wp_ajax

wp_ajax_editor_library_dataauthenticated

wp_ajax

wp_ajax_mailchimp_action_fireauthenticated

wp_ajax

wp_ajax_settings_data_save_actionauthenticated

wp_ajax

Score History

First score snapshot

v2.3.4

32

Latest

Findings
154
Errors
82
Warnings
72
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

37 nodes

Related Plugins

Easy Elements for Elementor – Addons & Website Templates

1k+ active installs

100
Events Widgets For Elementor And The Events Calendar

10k+ active installs

100
Input Mask For Elementor Form Fields

20k+ active installs

100
Language Switcher for Elementor & Polylang

400 active installs

100
MarqueeAll – Elementor Marquee for Image, Text, Post Grid, Testimonial, Cryptocurrency & News Ticker 🌀

1k+ active installs

100
Popup for Elementor

700 active installs

100