Exploit Scanner

Search the files and database of your WordPress install for signs that may indicate that it has fallen victim to malicious hackers.

v1.5.2Donncha O Caoimh (a11n)Updated 9 years agoAdded 18 years ago8k+ installs64% rating

hack hacking scanner security spam

Score

Errors

130

Warnings

Change

Category Scores

Security0

Repo80

Performance100

Maintainability76

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

155 findings

Maintainability

101

8 issue groups

Security

7 issue groups

Repo Compliance

4 issue groups

I18n

1 issue group

WARNINGMaintainabilityNon Prefixed Variable FoundGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$download".86

Category: Maintainability
Occurrences: 86
Severity: warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$download".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound

ERRORSecurityOutput Not EscapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$hashes'.16

Category: Security
Occurrences: 16
Severity: error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$hashes'.

WordPress.Security.EscapeOutput.OutputNotEscaped Reference

WARNINGSecurityInput Not ValidatedDetected usage of a possibly undefined superglobal array index: $_GET['file']. Check that the array index exists before using it.11

Category: Security
Occurrences: 11
Severity: warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_GET['file']. Check that the array index exists before using it.

WordPress.Security.ValidatedSanitizedInput.InputNotValidated

WARNINGSecurityMissing Unslash$_GET['file'] not unslashed before sanitization. Use wp_unslash() or similar8

Category: Security
Occurrences: 8
Severity: warning

Sample message

$_GET['file'] not unslashed before sanitization. Use wp_unslash() or similar

WordPress.Security.ValidatedSanitizedInput.MissingUnslash

WARNINGSecurityInput Not SanitizedDetected usage of a non-sanitized input variable: $_GET['file']7

Category: Security
Occurrences: 7
Severity: warning

Sample message

Detected usage of a non-sanitized input variable: $_GET['file']

WordPress.Security.ValidatedSanitizedInput.InputNotSanitized

WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.3

Category: Maintainability
Occurrences: 3
Severity: warning

Sample message

Use of a direct database call is discouraged.

WordPress.DB.DirectDatabaseQuery.DirectQuery

WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().3

Category: Maintainability
Occurrences: 3
Severity: warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

WordPress.DB.DirectDatabaseQuery.NoCaching

WARNINGMaintainabilityNon Prefixed Class FoundClasses declared by a theme/plugin should start with the theme/plugin prefix. Found: "DB_Exploit_Scanner".3

Category: Maintainability
Occurrences: 3
Severity: warning

Sample message

Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "DB_Exploit_Scanner".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedClassFound

WARNINGSecurityRecommendedProcessing form data without nonce verification.3

Category: Security
Occurrences: 3
Severity: warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Recommended

ERRORMaintainabilitymissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;3

Category: Maintainability
Occurrences: 3
Severity: error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

missing_direct_file_access_protection Reference

Show 10 more

ERRORSecurityUnescaped DBParameter2

Category: Security
Occurrences: 2
Severity: error

Sample message

Unescaped parameter $text used in $wpdb->get_results()\n$text assigned unsafely at line 907.

PluginCheck.Security.DirectDB.UnescapedDBParameter

WARNINGSecurityInterpolated Not Prepared2

Category: Security
Occurrences: 2
Severity: warning

Sample message

Use placeholders and $wpdb->prepare(); found interpolated variable {$text} at "SELECT ID, post_title, post_content FROM {$wpdb->posts} WHERE post_type<>'revision' AND post_content LIKE '%{$text}%'"

WordPress.DB.PreparedSQL.InterpolatedNotPrepared

WARNINGMaintainabilityNo Code Found1

Category: Maintainability
Occurrences: 1
Severity: warning

Sample message

No PHP code was found in this file and short open tags are not allowed by this install of PHP. This file may be using short open tags but PHP does not allow them.

Internal.NoCodeFound

WARNINGMaintainabilityABSPATHDetected1

Category: Maintainability
Occurrences: 1
Severity: warning

Sample message

Writing files using ABSPATH may be problematic. Consider using wp_upload_dir() instead if storing user data or generated files.

PluginCheck.CodeAnalysis.WriteFile.ABSPATHDetected

WARNINGMaintainabilityDiscouraged1

Category: Maintainability
Occurrences: 1
Severity: warning

Sample message

The use of function ini_set() is discouraged

Squiz.PHP.DiscouragedFunctions.Discouraged

ERRORI18nMissing Arg Domain1

Category: I18n
Occurrences: 1
Severity: error

Sample message

Missing $domain parameter in function call to __().

WordPress.WP.I18n.MissingArgDomain Reference

ERRORRepo Complianceno license1

Category: Repo Compliance
Occurrences: 1
Severity: error

Sample message

Missing "License". Please update your readme with a valid GPLv2 (or later) compatible license.

no_license Reference

ERRORRepo Complianceoutdated tested upto header1

Category: Repo Compliance
Occurrences: 1
Severity: error

Sample message

Tested up to: 4.7 < 7.0. The "Tested up to" value in your plugin is not set to the current version of WordPress. This means your plugin will not show up in searches, as we require plugins to be compatible and documented as tested up to the most recent version of WordPress.

outdated_tested_upto_header Reference

ERRORRepo Complianceplugin header no license1

Category: Repo Compliance
Occurrences: 1
Severity: error

Sample message

Missing "License" in Plugin Header. Please update your Plugin Header with a valid GPLv2 (or later) compatible license.

plugin_header_no_license Reference

WARNINGRepo Compliancereadme parser warnings too many tags1

Category: Repo Compliance
Occurrences: 1
Severity: warning

Sample message

One or more tags were ignored. Please limit your plugin to 5 tags.

readme_parser_warnings_too_many_tags

Score History

First score snapshot

2 days ago

v1.5.2

Latest

Findings: 155
Errors: 25
Warnings: 130
Check: 2.0.0

Scan	Score	Findings	Errors	Warnings	Plugin	Check
2 days agoLatest	37	155	25	130	v1.5.2	2.0.0

Related Plugins

Dam Spam

1k+ active installs

100

10k+ active installs

100

Remove XML-RPC Methods

1k+ active installs

100

Stop XML-RPC Attacks

6k+ active installs

100

AntiVirus

30k+ active installs

BotBlocker Security – Firewall & Bot Protection

3k+ active installs