Connect WordPress with LeadConnector CRM to automate memberships, content protection, WooCommerce, and more for a seamless and powerful experience.
Category Scores
Issues to Review
Prioritized issue groups from the latest Plugin Check scan
Security
327
12 issue groups
Maintainability
274
11 issue groups
I18n
88
1 issue group
Supply Chain
4
1 issue group
WARNINGMaintainabilityNon-prefixed functionFunctions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "lc_wizard_add_tag_to_variation_options".118
- Category
- Maintainability
- Occurrences
- 118
- Severity
- warning
Sample message
Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "lc_wizard_add_tag_to_variation_options".
ERRORI18nText Domain MismatchMismatched text domain. Expected 'ghl-wizard' but got 'appsero'.88
- Category
- I18n
- Occurrences
- 88
- Severity
- error
Sample message
Mismatched text domain. Expected 'ghl-wizard' but got 'appsero'.
WARNINGSecurityMissing nonce verificationProcessing form data without nonce verification.72
- Category
- Security
- Occurrences
- 72
- Severity
- warning
Sample message
Processing form data without nonce verification.
ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$action'.62
- Category
- Security
- Occurrences
- 62
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$action'.
WARNINGSecurityRequest data is not unslashed$_GET['atn'] not unslashed before sanitization. Use wp_unslash() or similar43
- Category
- Security
- Occurrences
- 43
- Severity
- warning
Sample message
$_GET['atn'] not unslashed before sanitization. Use wp_unslash() or similar
WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.41
- Category
- Maintainability
- Occurrences
- 41
- Severity
- warning
Sample message
Use of a direct database call is discouraged.
WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().36
- Category
- Maintainability
- Occurrences
- 36
- Severity
- warning
Sample message
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
ERRORSecurityUnsafe printing functionAll output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.36
- Category
- Security
- Occurrences
- 36
- Severity
- error
Sample message
All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.
ERRORMaintainabilityMissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;29
- Category
- Maintainability
- Occurrences
- 29
- Severity
- error
Sample message
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
WARNINGSecurityInterpolated SQL is not preparedUse placeholders and $wpdb->prepare(); found interpolated variable $table_lcw_contact at "ALTER TABLE $table_lcw_contact ADD `children_user_id` longtext DEFAULT NULL AFTER `notes`"23
- Category
- Security
- Occurrences
- 23
- Severity
- warning
Sample message
Use placeholders and $wpdb->prepare(); found interpolated variable $table_lcw_contact at "ALTER TABLE $table_lcw_contact ADD `children_user_id` longtext DEFAULT NULL AFTER `notes`"
Show 15 moreShow less
WARNINGSecurityInput is not sanitized23
- Category
- Security
- Occurrences
- 23
- Severity
- warning
Sample message
Detected usage of a non-sanitized input variable: $_GET['cwa_connection_key']
WARNINGSecurityInput is not validated23
- Category
- Security
- Occurrences
- 23
- Severity
- warning
Sample message
Detected usage of a possibly undefined superglobal array index: $_GET['atn']. Check that the array index exists before using it.
WARNINGMaintainabilityNon-prefixed global variable22
- Category
- Maintainability
- Occurrences
- 22
- Severity
- warning
Sample message
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$add_user_to_ghl_url".
WARNINGSecurityDatabase parameter is not escaped14
- Category
- Security
- Occurrences
- 14
- Severity
- warning
Sample message
Unescaped parameter $table_lcw_contact used in $wpdb->get_col()\n$table_lcw_contact assigned unsafely at line 290.
WARNINGSecurityNonce verification recommended10
- Category
- Security
- Occurrences
- 10
- Severity
- warning
Sample message
Processing form data without nonce verification.
ERRORSecurityDatabase parameter is not escaped8
- Category
- Security
- Occurrences
- 8
- Severity
- error
Sample message
Unescaped parameter $sql used in $wpdb->get_row()\n$sql assigned unsafely at line 608.
ERRORSecuritySQL query is not prepared8
- Category
- Security
- Occurrences
- 8
- Severity
- error
Sample message
Use placeholders and $wpdb->prepare(); found $sql
WARNINGMaintainabilityNon-prefixed hook name7
- Category
- Maintainability
- Occurrences
- 7
- Severity
- warning
Sample message
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "after_appsero_license_section".
WARNINGMaintainabilitySchema Change6
- Category
- Maintainability
- Occurrences
- 6
- Severity
- warning
Sample message
Attempting a database schema change is discouraged.
WARNINGMaintainabilityDynamic hook name5
- Category
- Maintainability
- Occurrences
- 5
- Severity
- warning
Sample message
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "$batch_size_filter".
WARNINGSecuritywp redirect wp redirect5
- Category
- Security
- Occurrences
- 5
- Severity
- warning
Sample message
wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.
WARNINGMaintainabilityNon-prefixed class4
- Category
- Maintainability
- Occurrences
- 4
- Severity
- warning
Sample message
Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "BW_HLWPW_Settings_Page".
ERRORSupply ChainHidden files included4
- Category
- Supply Chain
- Occurrences
- 4
- Severity
- error
Sample message
Hidden files are not permitted.
WARNINGMaintainabilityslow db query meta query3
- Category
- Maintainability
- Occurrences
- 3
- Severity
- warning
Sample message
Detected usage of meta_query, possible slow query.
WARNINGMaintainabilityNon-prefixed constant3
- Category
- Maintainability
- Occurrences
- 3
- Severity
- warning
Sample message
Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "LCW_DB_VERSION".
External Connections
Potential connections found in static code analysis.
Outbound calls
51
External assets
2
Incoming endpoints
16
Notable Domains
Platform / Reference Domains
External Asset Domains
Incoming Endpoints
register_rest_route
register_rest_route
register_rest_route
register_rest_route
register_rest_route
register_rest_route
Admin AJAX endpoints4
wp_ajax
wp_ajax
wp_ajax
wp_ajax
Score History
First score snapshot
v2.2.7
24
Latest
- Findings
- 712
- Errors
- 248
- Warnings
- 464
- Check
- 2.0.0
| Scan | Score | Findings | Errors | Warnings | Plugin | Check |
|---|---|---|---|---|---|---|
| Latest | 24 | 712 | 248 | 464 | v2.2.7 | 2.0.0 |
Relationship Map
Author, categories, issues, domains, and nearby plugins.