Replaces the default image editor in wp-admin with more powerful one - Pixo. It can also be used in the front-end.
Category Scores
Issues to Review
Prioritized issue groups from the latest Plugin Check scan
Security
163
7 issue groups
Maintainability
13
6 issue groups
I18n
11
1 issue group
Repo Compliance
1
1 issue group
ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"<script>\n'.96
- Category
- Security
- Occurrences
- 96
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"<script>\n'.
WARNINGSecurityRequest data is not unslashed$_GET[$param] not unslashed before sanitization. Use wp_unslash() or similar23
- Category
- Security
- Occurrences
- 23
- Severity
- warning
Sample message
$_GET[$param] not unslashed before sanitization. Use wp_unslash() or similar
WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_FILES['image' . $i]15
- Category
- Security
- Occurrences
- 15
- Severity
- warning
Sample message
Detected usage of a non-sanitized input variable: $_FILES['image' . $i]
WARNINGSecurityMissing nonce verificationProcessing form data without nonce verification.13
- Category
- Security
- Occurrences
- 13
- Severity
- warning
Sample message
Processing form data without nonce verification.
ERRORI18nMissing Arg DomainMissing $domain parameter in function call to __().11
- Category
- I18n
- Occurrences
- 11
- Severity
- error
Sample message
Missing $domain parameter in function call to __().
WARNINGSecurityInput is not validatedDetected usage of a possibly undefined superglobal array index: $_FILES['image' . $i]. Check that the array index exists before using it.9
- Category
- Security
- Occurrences
- 9
- Severity
- warning
Sample message
Detected usage of a possibly undefined superglobal array index: $_FILES['image' . $i]. Check that the array index exists before using it.
WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.6
- Category
- Security
- Occurrences
- 6
- Severity
- warning
Sample message
Processing form data without nonce verification.
ERRORMaintainabilityMissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;4
- Category
- Maintainability
- Occurrences
- 4
- Severity
- error
Sample message
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
ERRORMaintainabilitywp function not compatible with requires wpFunction "add_network_option()" requires WordPress 4.4.0, but your plugin minimum supported version is WordPress 3.5.0.4
- Category
- Maintainability
- Occurrences
- 4
- Severity
- error
Sample message
Function "add_network_option()" requires WordPress 4.4.0, but your plugin minimum supported version is WordPress 3.5.0.
WARNINGMaintainabilityNot In FooterIn footer ($in_footer) is not set explicitly wp_enqueue_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header.2
- Category
- Maintainability
- Occurrences
- 2
- Severity
- warning
Sample message
In footer ($in_footer) is not set explicitly wp_enqueue_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header.
Show 5 moreShow less
WARNINGMaintainabilityNon-prefixed hook name1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- warning
Sample message
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "intermediate_image_sizes_advanced".
WARNINGSecuritywp redirect wp redirect1
- Category
- Security
- Occurrences
- 1
- Severity
- warning
Sample message
wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.
WARNINGMaintainabilityMissing Version1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- warning
Sample message
Resource version not set in call to wp_enqueue_script(). This means new versions of the script may not always be loaded due to browser caching.
ERRORMaintainabilityNon Enqueued Script1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- error
Sample message
Scripts must be registered/enqueued via wp_enqueue_script()
ERRORRepo Complianceplugin header no license1
- Category
- Repo Compliance
- Occurrences
- 1
- Severity
- error
Sample message
Missing "License" in Plugin Header. Please update your Plugin Header with a valid GPLv2 (or later) compatible license.
External Connections
Potential connections found in static code analysis.
Outbound calls
21
External assets
2
Incoming endpoints
1
Notable Domains
External Asset Domains
Incoming Endpoints
No public endpoints detected.
Admin AJAX endpoints1
wp_ajax
Score History
First score snapshot
v2.3.8
41
Latest
- Findings
- 188
- Errors
- 117
- Warnings
- 71
- Check
- 2.0.0
| Scan | Score | Findings | Errors | Warnings | Plugin | Check |
|---|---|---|---|---|---|---|
| Latest | 41 | 188 | 117 | 71 | v2.3.8 | 2.0.0 |
Relationship Map
Author, categories, issues, domains, and nearby plugins.