Header Promo – Show Top Bar Message or Call to Action

Best Black Friday, Cyber Monday, or any other promo bar is here

v1.1.1 · bPlugins · Updated · Added · 400 installs · 80% rating

Score: 40
Errors: 472
Warnings: 45
Change: +0

Category Scores

Security: 0
Repo: 94
Performance: 98
Maintainability: 80

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

517 findings

Security: 273 (7 issue groups)
I18n: 228 (3 issue groups)
Maintainability: 14 (5 issue groups)
Performance: 1 (1 issue group)

Output is not escaped
Category: Security
Occurrences: 238
Severity: error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$args[$property.'_icon']'.

Text Domain Mismatch
Category: I18n
Occurrences: 226
Severity: error

Sample message

Mismatched text domain. Expected 'header-promo' but got 'csf'.

Nonce verification recommended
Category: Security
Occurrences: 12
Severity: warning

Sample message

Processing form data without nonce verification.

Input is not sanitized
Category: Security
Occurrences: 8
Severity: warning

Sample message

Detected usage of a non-sanitized input variable: $_POST[$this->unique]

Request data is not unslashed
Category: Security
Occurrences: 8
Severity: warning

Sample message

$_POST[$this->unique] not unslashed before sanitization. Use wp_unslash() or similar

Offloaded Content
Category: Maintainability
Occurrences: 5
Severity: error

Sample message

Found call to wp_enqueue_script() with external resource. Offloading scripts to your servers or any remote service is disallowed.

Missing nonce verification
Category: Security
Occurrences: 4
Severity: warning

Sample message

Processing form data without nonce verification.

Not In Footer
Category: Maintainability
Occurrences: 4
Severity: warning

Sample message

In footer ($in_footer) is not set explicitly wp_enqueue_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header.

Missing Version
Category: Maintainability
Occurrences: 3
Severity: warning

Sample message

Resource version not set in call to wp_enqueue_script(). This means new versions of the script may not always be loaded due to browser caching.

Input is not validated or sanitized
Category: Security
Occurrences: 2
Severity: warning

Sample message

Detected usage of a non-sanitized, non-validated input variable _SERVER: "://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]"

Discouraged text-domain loading
Category: I18n
Occurrences: 1
Severity: warning

Sample message

load_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed.

wp redirect
Category: Security
Occurrences: 1
Severity: warning

Sample message

wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.

Missing Translators Comment
Category: I18n
Occurrences: 1
Severity: error

Sample message

A function call to esc_html__() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

Post Not In exclude
Category: Performance
Occurrences: 1
Severity: warning

Sample message

Using exclusionary parameters, like exclude, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information.

five star reviews detected
Category: Maintainability
Occurrences: 1
Severity: error

Sample message

Linking directly to 5 stars reviews is not allowed.

mismatched plugin name
Category: Maintainability
Occurrences: 1
Severity: warning

Sample message

Plugin name "Header Promo – Show Top Bar Message or Call to Action" is different from the name declared in plugin header "Header Promo".

readme mismatched header requires
Category: Repo Compliance
Occurrences: 1
Severity: error

Sample message

Mismatched Requires at least: 6.2 != 5.2. "Requires at least" needs to be exactly the same with that in your main plugin file's header.

External Connections

Potential connections found in static code analysis.

15 domains

Outbound calls: 38
External assets: 4
Incoming endpoints: 7

Notable Domains

codestarframework.com · 10 · outbound
bplugins.com · 3 · outbound
openstreetmap.org · 2 · outbound
codestarthemes.com · 1 · outbound
miohtama.github.com · 1 · outbound

Platform / Reference Domains

github.com · 6 · platform/reference
wordpress.org · 4 · platform/reference
gnu.org · 1 · platform/reference
ps.w.org · 1 · platform/reference
w3.org · 1 · platform/reference

External Asset Domains

cdn.jsdelivr.net · 7 · asset + outbound

Incoming Endpoints

No public endpoints detected.

Admin AJAX endpoints: 7

wp_ajax_csf_ · authenticated · wp_ajax
wp_ajax_csf-chosen · authenticated · wp_ajax
wp_ajax_csf-export · authenticated · wp_ajax
wp_ajax_csf-get-icons · authenticated · wp_ajax
wp_ajax_csf-get-shortcode- · authenticated · wp_ajax
wp_ajax_csf-import · authenticated · wp_ajax
wp_ajax_csf-reset · authenticated · wp_ajax

Score History

First score snapshot

v1.1.1 · 40 · Latest

Findings: 517
Errors: 472
Warnings: 45
Check: 2.0.0
