Front-end Editor

Edit content inline, without going to the admin area.

v2.3.1scribuUpdated Added 500 installs80% rating
38
Score
78
Errors
62
Warnings
+0
Change

Category Scores

Security0
Repo89
Performance100
Maintainability75

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

140 findings

Security

88

11 issue groups

Maintainability

35

8 issue groups

I18n

15

3 issue groups

Repo Compliance

2

2 issue groups

ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '", $argc"'.34
Category
Security
Occurrences
34
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '", $argc"'.

ERRORSecurityException output is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$baseDir'.17
Category
Security
Occurrences
17
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$baseDir'.

ERRORI18nNon Singular String Literal DomainThe $domain parameter must be a single text string literal. Found: $this->textdomain13
Category
I18n
Occurrences
13
Severity
error

Sample message

The $domain parameter must be a single text string literal. Found: $this->textdomain

WARNINGMaintainabilityerror log trigger errortrigger_error() found. Debug code should not normally be used in production.8
Category
Maintainability
Occurrences
8
Severity
warning

Sample message

trigger_error() found. Debug code should not normally be used in production.

WARNINGSecurityMissing nonce verificationProcessing form data without nonce verification.8
Category
Security
Occurrences
8
Severity
warning

Sample message

Processing form data without nonce verification.

WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.7
Category
Maintainability
Occurrences
7
Severity
warning

Sample message

Use of a direct database call is discouraged.

WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().7
Category
Maintainability
Occurrences
7
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

ERRORMaintainabilityMissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;7
Category
Maintainability
Occurrences
7
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_POST['commonData']6
Category
Security
Occurrences
6
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_POST['commonData']

WARNINGSecurityInput is not validatedDetected usage of a possibly undefined superglobal array index: $_POST['commonData']['post_id']. Check that the array index exists before using it.6
Category
Security
Occurrences
6
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_POST['commonData']['post_id']. Check that the array index exists before using it.

Show 14 more
WARNINGSecurityInterpolated SQL is not prepared5
Category
Security
Occurrences
5
Severity
warning

Sample message

Use placeholders and $wpdb->prepare(); found interpolated variable $charset_collate at "CREATE TABLE IF NOT EXISTS $full_table_name ( $columns ) $charset_collate;"

WARNINGSecurityRequest data is not unslashed5
Category
Security
Occurrences
5
Severity
warning

Sample message

$_POST['commonData'] not unslashed before sanitization. Use wp_unslash() or similar

WARNINGSecurityDatabase parameter is not escaped3
Category
Security
Occurrences
3
Severity
warning

Sample message

Unescaped parameter $full_table_name used in $wpdb->query()\n$full_table_name assigned unsafely at line 51.

WARNINGMaintainabilitySchema Change3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

Attempting a database schema change is discouraged.

WARNINGSecurityNonce verification recommended2
Category
Security
Occurrences
2
Severity
warning

Sample message

Processing form data without nonce verification.

ERRORMaintainabilityNot Allowed1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

Use of heredoc syntax (<<<) is not allowed; use standard strings or inline HTML instead

ERRORSecurityDatabase parameter is not escaped1
Category
Security
Occurrences
1
Severity
error

Sample message

Unescaped parameter $keys used in $wpdb->query()\n$keys assigned unsafely at line 152.

WARNINGSecuritywp redirect wp redirect1
Category
Security
Occurrences
1
Severity
warning

Sample message

wp_redirect() found. Using wp_safe_redirect(), along with the &quot;allowed_redirect_hosts&quot; filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.

ERRORMaintainabilitystrip tags strip tags1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

strip_tags() is discouraged. Use the more comprehensive wp_strip_all_tags() instead.

WARNINGMaintainabilityDeprecated function: screen_icon1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

screen_icon() has been deprecated since WordPress version 3.8.0.

ERRORI18nDeprecated parameter: load_plugin_textdomain parameter 21
Category
I18n
Occurrences
1
Severity
error

Sample message

The parameter "''" at position #2 of load_plugin_textdomain() has been deprecated since WordPress version 2.7.0. Use "" instead.

ERRORI18nMissing Translators Comment1
Category
I18n
Occurrences
1
Severity
error

Sample message

A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

ERRORRepo Complianceoutdated tested upto header1
Category
Repo Compliance
Occurrences
1
Severity
error

Sample message

Tested up to: 3.6 < 7.0. The "Tested up to" value in your plugin is not set to the current version of WordPress. This means your plugin will not show up in searches, as we require plugins to be compatible and documented as tested up to the most recent version of WordPress.

ERRORRepo Complianceplugin header no license1
Category
Repo Compliance
Occurrences
1
Severity
error

Sample message

Missing "License" in Plugin Header. Please update your Plugin Header with a valid GPLv2 (or later) compatible license.

External Connections

Potential connections found in static code analysis.

77 domains

Outbound calls

265

External assets

0

Incoming endpoints

2

Notable Domains

aloha-editor.org34 · outbound
aloha-editor.com22 · outbound
jquery.org16 · outbound
docs.jquery.com15 · outbound
jqueryui.com12 · outbound
sizzlejs.com10 · outbound

Platform / Reference Domains

github.com12 · platform/reference
w3.org8 · platform/reference
opensource.org3 · platform/reference
gnu.org2 · platform/reference
codex.wordpress.org1 · platform/reference
dev.w3.org1 · platform/reference

External Asset Domains

No external asset domains detected.

Incoming Endpoints

No public endpoints detected.

Admin AJAX endpoints2
wp_ajax_fee_image_insertauthenticated

wp_ajax

wp_ajax_front-end-editorauthenticated

wp_ajax

Score History

First score snapshot

v2.3.1

38

Latest

Findings
140
Errors
78
Warnings
62
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

37 nodes

Related Plugins