Connector Wizard (formerly LC Wizard)

Connect WordPress with LeadConnector CRM to automate memberships, content protection, WooCommerce, and more for a seamless and powerful experience.

v2.2.7Niaj MorshedUpdated Added 1k+ installs86% rating
24
Score
248
Errors
464
Warnings
+0
Change

Category Scores

Security0
Repo66
Performance97
Maintainability24

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

712 findings

Security

327

12 issue groups

Maintainability

274

11 issue groups

I18n

88

1 issue group

Supply Chain

4

1 issue group

WARNINGMaintainabilityNon-prefixed functionFunctions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "lc_wizard_add_tag_to_variation_options".118
Category
Maintainability
Occurrences
118
Severity
warning

Sample message

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "lc_wizard_add_tag_to_variation_options".

ERRORI18nText Domain MismatchMismatched text domain. Expected 'ghl-wizard' but got 'appsero'.88
Category
I18n
Occurrences
88
Severity
error

Sample message

Mismatched text domain. Expected 'ghl-wizard' but got 'appsero'.

WARNINGSecurityMissing nonce verificationProcessing form data without nonce verification.72
Category
Security
Occurrences
72
Severity
warning

Sample message

Processing form data without nonce verification.

ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$action'.62
Category
Security
Occurrences
62
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$action'.

WARNINGSecurityRequest data is not unslashed$_GET['atn'] not unslashed before sanitization. Use wp_unslash() or similar43
Category
Security
Occurrences
43
Severity
warning

Sample message

$_GET['atn'] not unslashed before sanitization. Use wp_unslash() or similar

WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.41
Category
Maintainability
Occurrences
41
Severity
warning

Sample message

Use of a direct database call is discouraged.

WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().36
Category
Maintainability
Occurrences
36
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

ERRORSecurityUnsafe printing functionAll output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.36
Category
Security
Occurrences
36
Severity
error

Sample message

All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.

ERRORMaintainabilityMissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;29
Category
Maintainability
Occurrences
29
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

WARNINGSecurityInterpolated SQL is not preparedUse placeholders and $wpdb->prepare(); found interpolated variable $table_lcw_contact at "ALTER TABLE $table_lcw_contact ADD `children_user_id` longtext DEFAULT NULL AFTER `notes`"23
Category
Security
Occurrences
23
Severity
warning

Sample message

Use placeholders and $wpdb->prepare(); found interpolated variable $table_lcw_contact at "ALTER TABLE $table_lcw_contact ADD `children_user_id` longtext DEFAULT NULL AFTER `notes`"

Show 15 more
WARNINGSecurityInput is not sanitized23
Category
Security
Occurrences
23
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_GET['cwa_connection_key']

WARNINGSecurityInput is not validated23
Category
Security
Occurrences
23
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_GET['atn']. Check that the array index exists before using it.

WARNINGMaintainabilityNon-prefixed global variable22
Category
Maintainability
Occurrences
22
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$add_user_to_ghl_url".

WARNINGSecurityDatabase parameter is not escaped14
Category
Security
Occurrences
14
Severity
warning

Sample message

Unescaped parameter $table_lcw_contact used in $wpdb->get_col()\n$table_lcw_contact assigned unsafely at line 290.

WARNINGSecurityNonce verification recommended10
Category
Security
Occurrences
10
Severity
warning

Sample message

Processing form data without nonce verification.

ERRORSecurityDatabase parameter is not escaped8
Category
Security
Occurrences
8
Severity
error

Sample message

Unescaped parameter $sql used in $wpdb->get_row()\n$sql assigned unsafely at line 608.

ERRORSecuritySQL query is not prepared8
Category
Security
Occurrences
8
Severity
error

Sample message

Use placeholders and $wpdb->prepare(); found $sql

WARNINGMaintainabilityNon-prefixed hook name7
Category
Maintainability
Occurrences
7
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "after_appsero_license_section".

WARNINGMaintainabilitySchema Change6
Category
Maintainability
Occurrences
6
Severity
warning

Sample message

Attempting a database schema change is discouraged.

WARNINGMaintainabilityDynamic hook name5
Category
Maintainability
Occurrences
5
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "$batch_size_filter".

WARNINGSecuritywp redirect wp redirect5
Category
Security
Occurrences
5
Severity
warning

Sample message

wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.

WARNINGMaintainabilityNon-prefixed class4
Category
Maintainability
Occurrences
4
Severity
warning

Sample message

Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "BW_HLWPW_Settings_Page".

ERRORSupply ChainHidden files included4
Category
Supply Chain
Occurrences
4
Severity
error

Sample message

Hidden files are not permitted.

WARNINGMaintainabilityslow db query meta query3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

Detected usage of meta_query, possible slow query.

WARNINGMaintainabilityNon-prefixed constant3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "LCW_DB_VERSION".

External Connections

Potential connections found in static code analysis.

15 domains

Outbound calls

51

External assets

2

Incoming endpoints

16

Notable Domains

connectorwizard.app9 · outbound
betterwizard.com8 · outbound
appsero.com4 · outbound
facebook.com2 · outbound
wa.me2 · outbound

Platform / Reference Domains

w3.org10 · platform/reference
github.com1 · platform/reference

External Asset Domains

widgets.leadconnectorhq.com4 · asset + outbound

Incoming Endpoints

/wp-json/connector-wizard/v1/memberships/(?P<id>[a-zA-Z0-9\-_]+)REST

register_rest_route

/wp-json/connector-wizard/v1/membershipsREST

register_rest_route

/wp-json/connector-wizard/v1/settingsREST

register_rest_route

/wp-json/connector-wizard/v1/associationsREST

register_rest_route

/wp-json/connector-wizard/v1/location-tagsREST

register_rest_route

/wp-json/connector-wizard/v1/refresh-dataREST

register_rest_route

Admin AJAX endpoints4
wp_ajax_appsero_refresh_license_authenticated

wp_ajax

wp_ajax_lcw_auto_login_ajaxauthenticated

wp_ajax

wp_ajax_lcw_get_calendar_timeslotsauthenticated

wp_ajax

wp_ajax_lcw_reset_password_ajaxauthenticated

wp_ajax

Score History

First score snapshot

v2.2.7

24

Latest

Findings
712
Errors
248
Warnings
464
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

37 nodes

Related Plugins