A self-hosted social reader for WordPress: follow people via RSS and ActivityPub, with multiple themes and a plugin ecosystem.
Category Scores
Issues to Review
Prioritized issue groups from the latest Plugin Check scan
Maintainability
790
16 issue groups
Security
40
4 issue groups
Repo Compliance
3
3 issue groups
I18n
1
1 issue group
WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$_action".592
- Category
- Maintainability
- Occurrences
- 592
- Severity
- warning
Sample message
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$_action".
ERRORMaintainabilityMissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;113
- Category
- Maintainability
- Occurrences
- 113
- Severity
- error
Sample message
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
WARNINGMaintainabilityNon-prefixed hook nameHook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "'get_template_part_' . $slug".44
- Category
- Maintainability
- Occurrences
- 44
- Severity
- warning
Sample message
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "'get_template_part_' . $slug".
ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$args['after_title']'.32
- Category
- Security
- Occurrences
- 32
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$args['after_title']'.
WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.11
- Category
- Maintainability
- Occurrences
- 11
- Severity
- warning
Sample message
Use of a direct database call is discouraged.
WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().8
- Category
- Maintainability
- Occurrences
- 8
- Severity
- warning
Sample message
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_POST['avatar']6
- Category
- Security
- Occurrences
- 6
- Severity
- warning
Sample message
Detected usage of a non-sanitized input variable: $_POST['avatar']
ERRORMaintainabilitycurl curl setoptUsing cURL functions is highly discouraged. Use wp_remote_get() instead.6
- Category
- Maintainability
- Occurrences
- 6
- Severity
- error
Sample message
Using cURL functions is highly discouraged. Use wp_remote_get() instead.
ERRORMaintainabilityparse url parse urlparse_url() is discouraged because of inconsistency in the output across PHP versions; use wp_parse_url() instead.5
- Category
- Maintainability
- Occurrences
- 5
- Severity
- error
Sample message
parse_url() is discouraged because of inconsistency in the output across PHP versions; use wp_parse_url() instead.
WARNINGMaintainabilityDynamic hook nameHook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "$this->filter_prefix . '_get_template_part'".3
- Category
- Maintainability
- Occurrences
- 3
- Severity
- warning
Sample message
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "$this->filter_prefix . '_get_template_part'".
Show 14 moreShow less
WARNINGI18nDiscouraged text-domain loading1
- Category
- I18n
- Occurrences
- 1
- Severity
- warning
Sample message
load_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed.
WARNINGSecurityDatabase parameter is not escaped1
- Category
- Security
- Occurrences
- 1
- Severity
- warning
Sample message
Unescaped parameter $sql used in $wpdb->get_var()\n$sql assigned unsafely at line 1183.
WARNINGMaintainabilityNon-prefixed class1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- warning
Sample message
Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "Gamajo_Template_Loader_1_4_0".
ERRORSecurityUnsafe printing function1
- Category
- Security
- Occurrences
- 1
- Severity
- error
Sample message
All output should be run through an escaping function (like echo esc_html_x() or echo esc_attr_x()), found '_ex'.
ERRORMaintainabilitycurl curl close1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- error
Sample message
Using cURL functions is highly discouraged. Use wp_remote_get() instead.
ERRORMaintainabilitycurl curl exec1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- error
Sample message
Using cURL functions is highly discouraged. Use wp_remote_get() instead.
ERRORMaintainabilitycurl curl getinfo1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- error
Sample message
Using cURL functions is highly discouraged. Use wp_remote_get() instead.
ERRORMaintainabilitycurl curl init1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- error
Sample message
Using cURL functions is highly discouraged. Use wp_remote_get() instead.
ERRORMaintainabilityblock api version too low1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- error
Sample message
Editor blocks must define "apiVersion" 3 or higher in block.json for WordPress 7.0+ iframe editor compatibility.
ERRORMaintainabilitylibrary core files1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- error
Sample message
Library files that are already in the WordPress core are not permitted.
WARNINGRepo Complianceplugin header nonexistent domain path1
- Category
- Repo Compliance
- Occurrences
- 1
- Severity
- warning
Sample message
The "Domain Path" header in the plugin file must point to an existing folder. Found: "languages"
ERRORRepo Compliancereadme mismatched header requires php1
- Category
- Repo Compliance
- Occurrences
- 1
- Severity
- error
Sample message
Mismatched Requires PHP: 7.2 != 7.4. "Requires PHP" needs to be exactly the same with that in your main plugin file's header.
WARNINGRepo Compliancereadme parser warnings trimmed short description1
- Category
- Repo Compliance
- Occurrences
- 1
- Severity
- warning
Sample message
The "Short Description" section is too long and was truncated. A maximum of 150 characters is supported.
WARNINGMaintainabilityunexpected markdown file1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- warning
Sample message
Unexpected markdown file "CONTRIBUTE.md" detected in plugin root. Only specific markdown files are expected in production plugins.
External Connections
Potential connections found in static code analysis.
Outbound calls
66
External assets
0
Incoming endpoints
39
Notable Domains
Platform / Reference Domains
External Asset Domains
No external asset domains detected.
Incoming Endpoints
No public endpoints detected.
Admin AJAX endpoints39
wp_ajax
wp_ajax
wp_ajax
wp_ajax
wp_ajax
wp_ajax
wp_ajax
wp_ajax
wp_ajax
wp_ajax
wp_ajax
wp_ajax
27 more hidden
Score History
First score snapshot
v4.2.0
28
Latest
- Findings
- 834
- Errors
- 164
- Warnings
- 670
- Check
- 2.0.0
| Scan | Score | Findings | Errors | Warnings | Plugin | Check |
|---|---|---|---|---|---|---|
| Latest | 28 | 834 | 164 | 670 | v4.2.0 | 2.0.0 |
Relationship Map
Author, categories, issues, domains, and nearby plugins.
Relationship links
Plugin
Author
Issue
Domain
Related
Plugin
Author
Issue
Domain
Related
Related Plugins
10k+ active installs
800 active installs
3k+ active installs
2k+ active installs
600 active installs
700 active installs