Anti-spam - CAPTCHA that protects all forms against spam and brute-force. Invisible and GDPR-compliant.
Category Scores
Issues to Review
Prioritized issue groups from the latest Plugin Check scan
- Security: 272 (13 issue groups)
- Maintainability: 111 (7 issue groups)
- I18n: 87 (5 issue groups)
[ERROR] Security: SQL query is not prepared
- Category: Security
- Occurrences: 44
- Severity: error
Sample message: Use placeholders and $wpdb->prepare(); found $hiddenSqlArray
[WARNING] Security: Request data is not unslashed
- Category: Security
- Occurrences: 44
- Severity: warning
Sample message: $_POST[$key] not unslashed before sanitization. Use wp_unslash() or similar
[ERROR] I18n: Non Singular String Literal Text
- Category: I18n
- Occurrences: 44
- Severity: error
Sample message: The $text parameter must be a single text string literal. Found: $key
[WARNING] Maintainability: Direct Query
- Category: Maintainability
- Occurrences: 43
- Severity: warning
Sample message: Use of a direct database call is discouraged.
[ERROR] Security: Output is not escaped
- Category: Security
- Occurrences: 43
- Severity: error
Sample message: All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$error_message'.
[WARNING] Maintainability: No Caching
- Category: Maintainability
- Occurrences: 42
- Severity: warning
Sample message: Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
[ERROR] Security: Unsafe printing function
- Category: Security
- Occurrences: 42
- Severity: error
Sample message: All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.
[ERROR] Security: Database parameter is not escaped
- Category: Security
- Occurrences: 28
- Severity: error
Sample message: Unescaped parameter $prepared_query used in $wpdb->get_results()\n$prepared_query assigned unsafely at line 1377.
[ERROR] I18n: Missing Arg Domain
- Category: I18n
- Occurrences: 24
- Severity: error
Sample message: Missing $domain parameter in function call to esc_attr_e().
[WARNING] Security: Input is not sanitized
- Category: Security
- Occurrences: 22
- Severity: warning
Sample message: Detected usage of a non-sanitized input variable: $_POST['gdpr-settings-selection']
[WARNING] Security: Missing nonce verification
- Category: Security
- Occurrences: 15
- Severity: warning
Sample message: Processing form data without nonce verification.
[WARNING] Maintainability: Schema Change
- Category: Maintainability
- Occurrences: 14
- Severity: warning
Sample message: Attempting a database schema change is discouraged.
[WARNING] Security: Input is not validated
- Category: Security
- Occurrences: 14
- Severity: warning
Sample message: Detected usage of a possibly undefined superglobal array index: $_POST[$key]. Check that the array index exists before using it.
[ERROR] I18n: Missing Translators Comment
- Category: I18n
- Occurrences: 14
- Severity: error
Sample message: A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.
[WARNING] Security: Interpolated SQL is not prepared
- Category: Security
- Occurrences: 11
- Severity: warning
Sample message: Use placeholders and $wpdb->prepare(); found interpolated variable $details_table at \t\t\t\t\t\t\tDELETE FROM $details_table WHERE rgm_id IN ($message_ids_str)\r\n
[WARNING] Maintainability: error log error log
- Category: Maintainability
- Occurrences: 5
- Severity: warning
Sample message: error_log() found. Debug code should not normally be used in production.
[ERROR] Security: Unsupported Placeholder
- Category: Security
- Occurrences: 4
- Severity: error
Sample message: Unsupported placeholder used in $wpdb->prepare(). Found: "%')\r\n".
[ERROR] I18n: Unordered Placeholders Text
- Category: I18n
- Occurrences: 4
- Severity: error
Sample message: Multiple placeholders in translatable strings should be ordered. Expected "%1$s, %2$s, %3$s", but got "%s, %s, %s" in '%s The plugin is now active on all of your forms and logins.%s%s'.
[ERROR] Maintainability: Not Allowed
- Category: Maintainability
- Occurrences: 3
- Severity: error
Sample message: Use of heredoc syntax (<<<) is not allowed; use standard strings or inline HTML instead
[WARNING] Security: Database parameter is not escaped
- Category: Security
- Occurrences: 3
- Severity: warning
Sample message: Unescaped parameter $details_table used in $wpdb->query()\n$details_table assigned unsafely at line 151.
[ERROR] Maintainability: date date
- Category: Maintainability
- Occurrences: 3
- Severity: error
Sample message: date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.
[WARNING] I18n: Discouraged text-domain loading
- Category: I18n
- Occurrences: 1
- Severity: warning
Sample message: load_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed.
[ERROR] Security: Setting is missing a sanitization callback
- Category: Security
- Occurrences: 1
- Severity: error
Sample message: Sanitization missing for register_setting().
[WARNING] Security: Replacements Wrong Number
- Category: Security
- Occurrences: 1
- Severity: warning
Sample message: Incorrect number of replacements passed to $wpdb->prepare(). Found 1 replacement parameters, expected 3.
[WARNING] Maintainability: Non-prefixed constant
- Category: Maintainability
- Occurrences: 1
- Severity: warning
Sample message: Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "GDPR_COMPLIANT_RECAPTCHA".
Score History
First score snapshot: v4.1.2, score 30
Latest
- Findings: 485
- Errors: 264
- Warnings: 221
- Check: 2.0.0
| Scan | Score | Findings | Errors | Warnings | Plugin | Check |
|---|---|---|---|---|---|---|
| Latest | 30 | 485 | 264 | 221 | v4.1.2 | 2.0.0 |