Hash Form – Drag & Drop Form Builder

Create any kind of forms effortlessly with Hash Form – the ultimate drag & drop form builder plugin for WordPress.

v1.3.9hashthemesUpdated Added 3k+ installs100% rating
43
Score
9
Errors
273
Warnings
+0
Change

Category Scores

Security12
Repo94
Performance100
Maintainability59

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

282 findings

Maintainability

256

8 issue groups

Security

23

7 issue groups

I18n

2

1 issue group

Repo Compliance

1

1 issue group

WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$args".145
Category
Maintainability
Occurrences
145
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$args".

WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.52
Category
Maintainability
Occurrences
52
Severity
warning

Sample message

Use of a direct database call is discouraged.

WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().47
Category
Maintainability
Occurrences
47
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.8
Category
Security
Occurrences
8
Severity
warning

Sample message

Processing form data without nonce verification.

WARNINGMaintainabilityNon-prefixed hook nameHook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "hf_after_entry_detail_view".5
Category
Maintainability
Occurrences
5
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "hf_after_entry_detail_view".

WARNINGSecurityInterpolated SQL is not preparedUse placeholders and $wpdb->prepare(); found interpolated variable {$column_name} at "SELECT {$column_name} FROM {$tbl_name} WHERE id!=%d"4
Category
Security
Occurrences
4
Severity
warning

Sample message

Use placeholders and $wpdb->prepare(); found interpolated variable {$column_name} at "SELECT {$column_name} FROM {$tbl_name} WHERE id!=%d"

WARNINGMaintainabilityslow db query meta valueDetected usage of meta_value, possible slow query.3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

Detected usage of meta_value, possible slow query.

WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_GET[$param]3
Category
Security
Occurrences
3
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_GET[$param]

WARNINGI18nDiscouraged text-domain loadingload_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed.2
Category
I18n
Occurrences
2
Severity
warning

Sample message

load_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed.

WARNINGSecurityDatabase parameter is not escapedUnescaped parameter $column_name used in $wpdb->get_results()\n$tbl_name assigned unsafely at line 80.2
Category
Security
Occurrences
2
Severity
warning

Sample message

Unescaped parameter $column_name used in $wpdb->get_results()\n$tbl_name assigned unsafely at line 80.

Show 7 more
ERRORSecurityDatabase parameter is not escaped2
Category
Security
Occurrences
2
Severity
error

Sample message

Unescaped parameter $placeholders used in $wpdb->query()\n$placeholders assigned unsafely at line 172.

ERRORSecurityOutput is not escaped2
Category
Security
Occurrences
2
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found 'get_block_wrapper_attributes'.

WARNINGSecurityMissing nonce verification2
Category
Security
Occurrences
2
Severity
warning

Sample message

Processing form data without nonce verification.

ERRORMaintainabilityfive star reviews detected2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

Linking directly to 5 stars reviews is not allowed.

ERRORMaintainabilitylibrary core files1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

Library files that are already in the WordPress core are not permitted.

ERRORMaintainabilityMissing direct file access protection1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

ERRORRepo Complianceoutdated tested upto header1
Category
Repo Compliance
Occurrences
1
Severity
error

Sample message

Tested up to: 6.9 < 7.0. The "Tested up to" value in your plugin is not set to the current version of WordPress. This means your plugin will not show up in searches, as we require plugins to be compatible and documented as tested up to the most recent version of WordPress.

External Connections

Not analyzed yet.

Score History

First score snapshot

v1.3.9

43

Latest

Findings
282
Errors
9
Warnings
273
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

28 nodes

Related Plugins

Contact Form Query

1k+ active installs

100
100
Style Contact Form 7

1k+ active installs

100
ACF Field For CF7

10k+ active installs

99