Top Issues by Category
maintainability: 50
security: 38
repo_compliance: 1
Issues Details
89 issues found in latest scan
Using cURL functions is highly discouraged. Use wp_remote_get() instead.
Detected usage of a possibly undefined superglobal array index: $_POST['delete_originals']. Check that the array index exists before using it.
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$code'.
$_GET['tab'] not unslashed before sanitization. Use wp_unslash() or similar
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "https_local_ssl_verify".
Detected usage of a non-sanitized input variable: $_POST['folder']
Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "itw_config".
Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "deactivate_images_to_webp".
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$itw_methods".
error_log() found. Debug code should not normally be used in production.
print_r() found. Debug code should not normally be used in production.
Processing form data without nonce verification.
Writing files using ABSPATH may be problematic. Consider using wp_upload_dir() instead if storing user data or generated files.
Using __FILE__ for menu slugs risks exposing filesystem structure.
Tested up to: 6.9 < 7.0. The "Tested up to" value in your plugin is not set to the current version of WordPress. This means your plugin will not show up in searches, as we require plugins to be compatible and documented as tested up to the most recent version of WordPress.
| Code | Type | Message | Count |
|---|---|---|---|
| WordPress.WP.AlternativeFunctions.curl_curl_setopt | ERROR | Using cURL functions is highly discouraged. Use wp_remote_get() instead. | 20 |
| WordPress.Security.ValidatedSanitizedInput.InputNotValidated | WARNING | Detected usage of a possibly undefined superglobal array index: $_POST['delete_originals']. Check that the array index exists before using it. | 12 |
| WordPress.Security.EscapeOutput.OutputNotEscaped | ERROR | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$code'. | 11 |
| WordPress.Security.ValidatedSanitizedInput.MissingUnslash | WARNING | $_GET['tab'] not unslashed before sanitization. Use wp_unslash() or similar | 8 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound | WARNING | Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "https_local_ssl_verify". | 5 |
| Squiz.PHP.DiscouragedFunctions.Discouraged | WARNING | The use of function ini_set() is discouraged | 4 |
| WordPress.Security.ValidatedSanitizedInput.InputNotSanitized | WARNING | Detected usage of a non-sanitized input variable: $_POST['folder'] | 4 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedClassFound | WARNING | Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "itw_config". | 3 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedFunctionFound | WARNING | Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "deactivate_images_to_webp". | 3 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound | WARNING | Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$itw_methods". | 3 |
| WordPress.PHP.DevelopmentFunctions.error_log_error_log | WARNING | error_log() found. Debug code should not normally be used in production. | 2 |
| WordPress.PHP.DevelopmentFunctions.error_log_print_r | WARNING | print_r() found. Debug code should not normally be used in production. | 2 |
| WordPress.Security.NonceVerification.Recommended | WARNING | Processing form data without nonce verification. | 2 |
| WordPress.WP.AlternativeFunctions.curl_curl_getinfo | ERROR | Using cURL functions is highly discouraged. Use wp_remote_get() instead. | 2 |
| PluginCheck.CodeAnalysis.WriteFile.ABSPATHDetected | WARNING | Writing files using ABSPATH may be problematic. Consider using wp_upload_dir() instead if storing user data or generated files. | 1 |
| WordPress.Security.PluginMenuSlug.Using__FILE__ | WARNING | Using __FILE__ for menu slugs risks exposing filesystem structure. | 1 |
| WordPress.WP.AlternativeFunctions.curl_curl_close | ERROR | Using cURL functions is highly discouraged. Use wp_remote_get() instead. | 1 |
| WordPress.WP.AlternativeFunctions.curl_curl_errno | ERROR | Using cURL functions is highly discouraged. Use wp_remote_get() instead. | 1 |
| WordPress.WP.AlternativeFunctions.curl_curl_error | ERROR | Using cURL functions is highly discouraged. Use wp_remote_get() instead. | 1 |
| WordPress.WP.AlternativeFunctions.curl_curl_exec | ERROR | Using cURL functions is highly discouraged. Use wp_remote_get() instead. | 1 |
| WordPress.WP.AlternativeFunctions.curl_curl_init | ERROR | Using cURL functions is highly discouraged. Use wp_remote_get() instead. | 1 |
| outdated_tested_upto_header | ERROR | Tested up to: 6.9 < 7.0. The "Tested up to" value in your plugin is not set to the current version of WordPress. This means your plugin will not show up in searches, as we require plugins to be compatible and documented as tested up to the most recent version of WordPress. | 1 |
Latest Snapshot
Findings: 89
Errors: 39
Warnings: 50
Score History
First score snapshot
First scan completed Jun 20, 2026
v5.0 · Plugin Check 2.0.0 · Model 2026.06-mvp-static-v2
Jun 20, 2026 (Latest): v5.0, score 37
- Findings: 89
- Errors: 39
- Warnings: 50
- Plugin Check: 2.0.0
- Model: 2026.06-mvp-static-v2
| Scan | Score | Findings | Errors | Warnings | Plugin | Plugin Check | Model |
|---|---|---|---|---|---|---|---|
| Jun 20, 2026 (Latest) | 37 | 89 | 39 | 50 | v5.0 | 2.0.0 | 2026.06-mvp-static-v2 |