Image Editor by Pixo

Replaces the default image editor in wp-admin with more powerful one - Pixo. It can also be used in the front-end.

v2.3.8IckataUpdated Added 800 installs70% rating
41
Score
117
Errors
71
Warnings
+0
Change

Category Scores

Security0
Repo94
Performance100
Maintainability84

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

188 findings

Security

163

7 issue groups

Maintainability

13

6 issue groups

I18n

11

1 issue group

Repo Compliance

1

1 issue group

ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"<script>\n'.96
Category
Security
Occurrences
96
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"<script>\n'.

WARNINGSecurityRequest data is not unslashed$_GET[$param] not unslashed before sanitization. Use wp_unslash() or similar23
Category
Security
Occurrences
23
Severity
warning

Sample message

$_GET[$param] not unslashed before sanitization. Use wp_unslash() or similar

WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_FILES[&#039;image&#039; . $i]15
Category
Security
Occurrences
15
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_FILES[&#039;image&#039; . $i]

WARNINGSecurityMissing nonce verificationProcessing form data without nonce verification.13
Category
Security
Occurrences
13
Severity
warning

Sample message

Processing form data without nonce verification.

ERRORI18nMissing Arg DomainMissing $domain parameter in function call to __().11
Category
I18n
Occurrences
11
Severity
error

Sample message

Missing $domain parameter in function call to __().

WARNINGSecurityInput is not validatedDetected usage of a possibly undefined superglobal array index: $_FILES[&#039;image&#039; . $i]. Check that the array index exists before using it.9
Category
Security
Occurrences
9
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_FILES[&#039;image&#039; . $i]. Check that the array index exists before using it.

WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.6
Category
Security
Occurrences
6
Severity
warning

Sample message

Processing form data without nonce verification.

ERRORMaintainabilityMissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;4
Category
Maintainability
Occurrences
4
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

ERRORMaintainabilitywp function not compatible with requires wpFunction "add_network_option()" requires WordPress 4.4.0, but your plugin minimum supported version is WordPress 3.5.0.4
Category
Maintainability
Occurrences
4
Severity
error

Sample message

Function "add_network_option()" requires WordPress 4.4.0, but your plugin minimum supported version is WordPress 3.5.0.

WARNINGMaintainabilityNot In FooterIn footer ($in_footer) is not set explicitly wp_enqueue_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header.2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

In footer ($in_footer) is not set explicitly wp_enqueue_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header.

Show 5 more
WARNINGMaintainabilityNon-prefixed hook name1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: &quot;intermediate_image_sizes_advanced&quot;.

WARNINGSecuritywp redirect wp redirect1
Category
Security
Occurrences
1
Severity
warning

Sample message

wp_redirect() found. Using wp_safe_redirect(), along with the &quot;allowed_redirect_hosts&quot; filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.

WARNINGMaintainabilityMissing Version1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Resource version not set in call to wp_enqueue_script(). This means new versions of the script may not always be loaded due to browser caching.

ERRORMaintainabilityNon Enqueued Script1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

Scripts must be registered/enqueued via wp_enqueue_script()

ERRORRepo Complianceplugin header no license1
Category
Repo Compliance
Occurrences
1
Severity
error

Sample message

Missing "License" in Plugin Header. Please update your Plugin Header with a valid GPLv2 (or later) compatible license.

External Connections

Potential connections found in static code analysis.

3 domains

Outbound calls

21

External assets

2

Incoming endpoints

1

Notable Domains

tinypng.com2 · outbound
yourdomain.com1 · outbound

External Asset Domains

pixoeditor.com20 · asset + outbound

Incoming Endpoints

No public endpoints detected.

Admin AJAX endpoints1
wp_ajax_pixoeditor__uploadFilesauthenticated

wp_ajax

Score History

First score snapshot

v2.3.8

41

Latest

Findings
188
Errors
117
Warnings
71
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

31 nodes

Related Plugins