FAPI Member

Plugin FAPI pro jednoduchou správu členských sekcí na webu.

v2.2.33FAPI Business s.r.o.Updated Added 500 installs80% rating
28
Score
279
Errors
153
Warnings
+0
Change

Category Scores

Security0
Repo80
Performance100
Maintainability31

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

432 findings

Security

318

11 issue groups

Maintainability

83

11 issue groups

I18n

10

3 issue groups

ERRORSecurityException output is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '" (output started at {$file}:{$line})."'.186
Category
Security
Occurrences
186
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '" (output started at {$file}:{$line})."'.

ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"(): {$e->getMessage()} in {$e->getFile()}:{$e->getLine()}"'.33
Category
Security
Occurrences
33
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"(): {$e->getMessage()} in {$e->getFile()}:{$e->getLine()}"'.

WARNINGMaintainabilityerror log trigger errortrigger_error() found. Debug code should not normally be used in production.28
Category
Maintainability
Occurrences
28
Severity
warning

Sample message

trigger_error() found. Debug code should not normally be used in production.

WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_GET['subpage']26
Category
Security
Occurrences
26
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_GET['subpage']

WARNINGSecurityRequest data is not unslashed$_GET['subpage'] not unslashed before sanitization. Use wp_unslash() or similar20
Category
Security
Occurrences
20
Severity
warning

Sample message

$_GET['subpage'] not unslashed before sanitization. Use wp_unslash() or similar

WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$apiService".18
Category
Maintainability
Occurrences
18
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$apiService".

WARNINGSecurityInterpolated SQL is not preparedUse placeholders and $wpdb->prepare(); found interpolated variable $ids at \t\t\tWHERE level_id IN ($ids)\n16
Category
Security
Occurrences
16
Severity
warning

Sample message

Use placeholders and $wpdb->prepare(); found interpolated variable $ids at \t\t\tWHERE level_id IN ($ids)\n

ERRORSecuritySQL query is not preparedUse placeholders and $wpdb->prepare(); found $filterByLevelsString15
Category
Security
Occurrences
15
Severity
error

Sample message

Use placeholders and $wpdb->prepare(); found $filterByLevelsString

WARNINGMaintainabilityNot In FooterIn footer ($in_footer) is not set explicitly wp_enqueue_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header.10
Category
Maintainability
Occurrences
10
Severity
warning

Sample message

In footer ($in_footer) is not set explicitly wp_enqueue_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header.

ERRORMaintainabilityMissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;9
Category
Maintainability
Occurrences
9
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

Show 15 more
WARNINGSecurityMissing nonce verification6
Category
Security
Occurrences
6
Severity
warning

Sample message

Processing form data without nonce verification.

WARNINGSecurityInput is not validated6
Category
Security
Occurrences
6
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_SERVER[$tmp]. Check that the array index exists before using it.

ERRORI18nText Domain Mismatch6
Category
I18n
Occurrences
6
Severity
error

Sample message

Mismatched text domain. Expected 'fapi-member' but got 'cms_ve'.

WARNINGSecuritywp redirect wp redirect5
Category
Security
Occurrences
5
Severity
warning

Sample message

wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.

WARNINGMaintainabilityerror log debug backtrace4
Category
Maintainability
Occurrences
4
Severity
warning

Sample message

debug_backtrace() found. Debug code should not normally be used in production.

ERRORMaintainabilityfile system operations chmod4
Category
Maintainability
Occurrences
4
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: chmod().

WARNINGSecurityNonce verification recommended3
Category
Security
Occurrences
3
Severity
warning

Sample message

Processing form data without nonce verification.

WARNINGI18nDiscouraged text-domain loading2
Category
I18n
Occurrences
2
Severity
warning

Sample message

load_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed.

ERRORMaintainabilityNot Allowed2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

Use of heredoc syntax (<<<) is not allowed; use standard strings or inline HTML instead

ERRORSecurityDatabase parameter is not escaped2
Category
Security
Occurrences
2
Severity
error

Sample message

Unescaped parameter $query used in $wpdb->get_results()\n$query assigned unsafely at line 130.

WARNINGMaintainabilityNon-prefixed function2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: &quot;create_block_fapi_member_block_init&quot;.

ERRORMaintainabilityfile system operations fopen2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen().

ERRORMaintainabilityparse url parse url2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

parse_url() is discouraged because of inconsistency in the output across PHP versions; use wp_parse_url() instead.

ERRORI18nMissing Arg Domain2
Category
I18n
Occurrences
2
Severity
error

Sample message

Missing $domain parameter in function call to __().

ERRORMaintainabilityblock api version too low2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

Editor blocks must define "apiVersion" 3 or higher in block.json for WordPress 7.0+ iframe editor compatibility.

External Connections

Potential connections found in static code analysis.

32 domains

Outbound calls

241

External assets

5

Incoming endpoints

4

Notable Domains

nette.org49 · outbound
davidgrudl.com46 · outbound
webpack.js.org46 · outbound
floating-ui.com20 · outbound
napoveda.fapi.cz9 · outbound
fapi.cz5 · outbound

Platform / Reference Domains

github.com24 · platform/reference
w3.org7 · platform/reference
gnu.org1 · platform/reference
opensource.org1 · platform/reference

External Asset Domains

form.fapi.cz4 · asset + outbound
fonts.googleapis.com2 · asset + outbound
page.fapi.cz2 · asset

Incoming Endpoints

/wp-json/fapi/v1/REST

register_rest_route

/wp-json/fapi/v2/REST

register_rest_route

Admin AJAX endpoints2
wp_ajax_open_element_settingauthenticated

wp_ajax

wp_ajax_open_row_settingauthenticated

wp_ajax

Score History

2 score snapshots

+0
1007550250Jun 25, 2026, 04:51 PM UTC Score 28/100 Plugin v2.2.32 Plugin Check 2.0.0 279 errors, 153 warningsJun 30, 2026, 09:53 AM UTC Score 28/100 Plugin v2.2.33 Plugin Check 2.0.0 279 errors, 153 warningsJun 25, 2026Jun 30, 2026

v2.2.33

28

Latest

Findings
432
Errors
279
Warnings
153
Check
2.0.0

v2.2.32

28

Score

Findings
432
Errors
279
Warnings
153
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

35 nodes

Related

Related Plugins