PluginScore

GeoTargeting Lite – WordPress Geolocation

GeoTargeting for WordPress will let you country-target your content based on users IP's and Geocountry Ip database

v1.3.6.1DamianUpdated Added 1k+ installs78% rating
cloudflaregeo targetgeolocationgeotargetingwordpress geotargeting
35
Score
66
Errors
79
Warnings
+0
Change

Category Scores

Security0
Repo82
Performance100
Maintainability69

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

145 findings

Security

88

9 issue groups

Maintainability

31

11 issue groups

I18n

21

4 issue groups

Supply Chain

1

1 issue group

ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$_SERVER['HTTP_CF_CONNECTING_IP']'.24
Category
Security
Occurrences
24
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$_SERVER['HTTP_CF_CONNECTING_IP']'.

WordPress.Security.EscapeOutput.OutputNotEscapedReference
WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_COOKIE['geot_country']21
Category
Security
Occurrences
21
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_COOKIE['geot_country']

WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
WARNINGSecurityRequest data is not unslashed$_COOKIE['geot_country'] not unslashed before sanitization. Use wp_unslash() or similar21
Category
Security
Occurrences
21
Severity
warning

Sample message

$_COOKIE['geot_country'] not unslashed before sanitization. Use wp_unslash() or similar

WordPress.Security.ValidatedSanitizedInput.MissingUnslash
WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.7
Category
Maintainability
Occurrences
7
Severity
warning

Sample message

Use of a direct database call is discouraged.

WordPress.DB.DirectDatabaseQuery.DirectQuery
ERRORSecurityUnsafe printing functionAll output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.7
Category
Security
Occurrences
7
Severity
error

Sample message

All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.

WordPress.Security.EscapeOutput.UnsafePrintingFunctionReference
ERRORI18nText Domain MismatchMismatched text domain. Expected 'geotargeting' but got 'geot'.7
Category
I18n
Occurrences
7
Severity
error

Sample message

Mismatched text domain. Expected 'geotargeting' but got 'geot'.

WordPress.WP.I18n.TextDomainMismatchReference
WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().6
Category
Maintainability
Occurrences
6
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

WordPress.DB.DirectDatabaseQuery.NoCaching
WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$c".6
Category
Maintainability
Occurrences
6
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$c".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound
WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.5
Category
Security
Occurrences
5
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Recommended
ERRORI18nMissing Arg DomainMissing $domain parameter in function call to __().5
Category
I18n
Occurrences
5
Severity
error

Sample message

Missing $domain parameter in function call to __().

WordPress.WP.I18n.MissingArgDomainReference
Show 15 more
ERRORI18nMissing Translators Comment5
Category
I18n
Occurrences
5
Severity
error

Sample message

A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

WordPress.WP.I18n.MissingTranslatorsCommentReference
ERRORSecuritySQL query is not prepared4
Category
Security
Occurrences
4
Severity
error

Sample message

Use placeholders and $wpdb->prepare(); found $drop_table

WordPress.DB.PreparedSQL.NotPrepared
ERRORI18nNon Singular String Literal Domain4
Category
I18n
Occurrences
4
Severity
error

Sample message

The $domain parameter must be a single text string literal. Found: $this->GeoTarget

WordPress.WP.I18n.NonSingularStringLiteralDomainReference
ERRORMaintainabilityMissing direct file access protection4
Category
Maintainability
Occurrences
4
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

missing_direct_file_access_protectionReference
WARNINGSecurityInterpolated SQL is not prepared3
Category
Security
Occurrences
3
Severity
warning

Sample message

Use placeholders and $wpdb->prepare(); found interpolated variable $countries_table at "DROP TABLE IF EXISTS $countries_table;"

WordPress.DB.PreparedSQL.InterpolatedNotPrepared
WARNINGMaintainabilitySchema Change2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

Attempting a database schema change is discouraged.

WordPress.DB.DirectDatabaseQuery.SchemaChange
WARNINGSecurityInput is not validated2
Category
Security
Occurrences
2
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_POST['geot']. Check that the array index exists before using it.

WordPress.Security.ValidatedSanitizedInput.InputNotValidated
WARNINGSecurityDatabase parameter is not escaped1
Category
Security
Occurrences
1
Severity
warning

Sample message

Unescaped parameter $countries_table used in $wpdb->query()\n$countries_table assigned unsafely at line 42.

PluginCheck.Security.DirectDB.UnescapedDBParameter
WARNINGMaintainabilityerror log print r1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

print_r() found. Debug code should not normally be used in production.

WordPress.PHP.DevelopmentFunctions.error_log_print_r
ERRORMaintainabilityfile system operations chmod1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: chmod().

WordPress.WP.AlternativeFunctions.file_system_operations_chmod
ERRORMaintainabilityfile system operations rmdir1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: rmdir().

WordPress.WP.AlternativeFunctions.file_system_operations_rmdir
ERRORMaintainabilityrename rename1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

rename() is discouraged. Use WP_Filesystem::move() to rename a file.

WordPress.WP.AlternativeFunctions.rename_rename
ERRORMaintainabilitybadly named files1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

File and folder names must not contain spaces or special characters.

badly_named_files
ERRORSupply ChainHidden files included1
Category
Supply Chain
Occurrences
1
Severity
error

Sample message

Hidden files are not permitted.

hidden_files
WARNINGMaintainabilitymismatched plugin name1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Plugin name "GeoTargeting Lite - WordPress Geolocation" is different from the name declared in plugin header "GeoTargeting Lite".

mismatched_plugin_nameReference

Score History

First score snapshot

v1.3.6.1

35

Latest

Findings
145
Errors
66
Warnings
79
Check
2.0.0

Related Plugins

Login Security Captcha

10k+ active installs

100
App for Cloudflare®

1k+ active installs

98
Address Autocomplete via Google for Gravity Forms

2k+ active installs

97
Cloudflare SSL by Weslink

2k+ active installs

90
If-So Conditional Content for Elementor

1k+ active installs

90
User IP and Location

3k+ active installs

88