Use Advanced File Manager to manage WordPress files, create archives, and build document libraries—all directly from your WordPress dashboard!
Category Scores
Issues to Review
Prioritized issue groups from the latest Plugin Check scan
Security
968
8 issue groups
Maintainability
922
17 issue groups
ERRORSecurityException output is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"'$directory' could not be created."'.463
- Category
- Security
- Occurrences
- 463
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"'$directory' could not be created."'.
WARNINGMaintainabilityNon-prefixed functionFunctions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "access".193
- Category
- Maintainability
- Occurrences
- 193
- Severity
- warning
Sample message
Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "access".
WARNINGMaintainabilityNon-prefixed classClasses declared by a theme/plugin should start with the theme/plugin prefix. Found: "FMA_Controller".191
- Category
- Maintainability
- Occurrences
- 191
- Severity
- warning
Sample message
Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "FMA_Controller".
ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"{$image_path}/bottom-left.png"'.118
- Category
- Security
- Occurrences
- 118
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"{$image_path}/bottom-left.png"'.
ERRORSecurityUnsafe printing functionAll output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.112
- Category
- Security
- Occurrences
- 112
- Severity
- error
Sample message
All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.
WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$$key".84
- Category
- Maintainability
- Occurrences
- 84
- Severity
- warning
Sample message
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$$key".
ERRORMaintainabilityfile system operations fcloseFile operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().82
- Category
- Maintainability
- Occurrences
- 82
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().
WARNINGSecurityRequest data is not unslashed$_GET['code'] not unslashed before sanitization. Use wp_unslash() or similar79
- Category
- Security
- Occurrences
- 79
- Severity
- warning
Sample message
$_GET['code'] not unslashed before sanitization. Use wp_unslash() or similar
WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_ENV['PHPUNIT_RESULT_CACHE']68
- Category
- Security
- Occurrences
- 68
- Severity
- warning
Sample message
Detected usage of a non-sanitized input variable: $_ENV['PHPUNIT_RESULT_CACHE']
WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.61
- Category
- Security
- Occurrences
- 61
- Severity
- warning
Sample message
Processing form data without nonce verification.
Show 15 moreShow less
ERRORMaintainabilityfile system operations fopen52
- Category
- Maintainability
- Occurrences
- 52
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen().
WARNINGSecurityInput is not validated45
- Category
- Security
- Occurrences
- 45
- Severity
- warning
Sample message
Detected usage of a possibly undefined superglobal array index: $_FILES['content']['tmp_name']. Check that the array index exists before using it.
ERRORMaintainabilityfile system operations fwrite44
- Category
- Maintainability
- Occurrences
- 44
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fwrite().
ERRORMaintainabilitycurl curl setopt39
- Category
- Maintainability
- Occurrences
- 39
- Severity
- error
Sample message
Using cURL functions is highly discouraged. Use wp_remote_get() instead.
ERRORMaintainabilityfile system operations is writable33
- Category
- Maintainability
- Occurrences
- 33
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: is_writable().
ERRORMaintainabilityfile system operations fread32
- Category
- Maintainability
- Occurrences
- 32
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fread().
WARNINGMaintainabilityerror log var export28
- Category
- Maintainability
- Occurrences
- 28
- Severity
- warning
Sample message
var_export() found. Debug code should not normally be used in production.
WARNINGMaintainabilityprevent path disclosure error reporting26
- Category
- Maintainability
- Occurrences
- 26
- Severity
- warning
Sample message
error_reporting() can lead to full path disclosure.
ERRORMaintainabilityfile system operations mkdir26
- Category
- Maintainability
- Occurrences
- 26
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: mkdir().
ERRORMaintainabilityMissing direct file access protection25
- Category
- Maintainability
- Occurrences
- 25
- Severity
- error
Sample message
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
WARNINGSecurityMissing nonce verification22
- Category
- Security
- Occurrences
- 22
- Severity
- warning
Sample message
Processing form data without nonce verification.
WARNINGMaintainabilityDiscouraged PHP function18
- Category
- Maintainability
- Occurrences
- 18
- Severity
- warning
Sample message
The use of function ini_set() is discouraged
ERRORMaintainabilityForbidden PHP function found17
- Category
- Maintainability
- Occurrences
- 17
- Severity
- error
Sample message
The use of function eval() is forbidden
ERRORMaintainabilitycurl curl init16
- Category
- Maintainability
- Occurrences
- 16
- Severity
- error
Sample message
Using cURL functions is highly discouraged. Use wp_remote_get() instead.
ERRORMaintainabilitycurl curl setopt array16
- Category
- Maintainability
- Occurrences
- 16
- Severity
- error
Sample message
Using cURL functions is highly discouraged. Use wp_remote_get() instead.
Score History
First score snapshot
v5.4.12
19
Latest
- Findings
- 2,119
- Errors
- 1,218
- Warnings
- 901
- Check
- 2.0.0
| Scan | Score | Findings | Errors | Warnings | Plugin | Check |
|---|---|---|---|---|---|---|
| Latest | 19 | 2,119 | 1,218 | 901 | v5.4.12 | 2.0.0 |
Related Plugins
2k+ active installs
2k+ active installs
8k+ active installs
3k+ active installs
20k+ active installs
6k+ active installs