Instagram feed plugin for WordPress. Turn Instagram posts, Reels and galleries into live social proof for a fresh, active, and trusted site.
Category Scores
Issues to Review
Prioritized issue groups from the latest Plugin Check scan
I18n
475
2 issue groups
Security
202
8 issue groups
Maintainability
23
14 issue groups
Performance
5
1 issue group
ERRORI18nText Domain MismatchMismatched text domain. Expected 'inavii-social-feed-for-elementor' but got 'inavii'.473
- Category
- I18n
- Occurrences
- 473
- Severity
- error
Sample message
Mismatched text domain. Expected 'inavii-social-feed-for-elementor' but got 'inavii'.
WARNINGSecurityDatabase parameter is not escapedUnescaped parameter $childName used in $wpdb->get_var()\n$childName assigned unsafely at line 203.76
- Category
- Security
- Occurrences
- 76
- Severity
- warning
Sample message
Unescaped parameter $childName used in $wpdb->get_var()\n$childName assigned unsafely at line 203.
WARNINGSecurityInterpolated SQL is not preparedUse placeholders and $wpdb->prepare(); found interpolated variable {$childName} at "SELECT COUNT(*) FROM {$childName}"39
- Category
- Security
- Occurrences
- 39
- Severity
- warning
Sample message
Use placeholders and $wpdb->prepare(); found interpolated variable {$childName} at "SELECT COUNT(*) FROM {$childName}"
ERRORSecurityException output is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"Account {$id} not found"'.39
- Category
- Security
- Occurrences
- 39
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"Account {$id} not found"'.
WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.28
- Category
- Security
- Occurrences
- 28
- Severity
- warning
Sample message
Processing form data without nonce verification.
WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_GET['inavii_debug']9
- Category
- Security
- Occurrences
- 9
- Severity
- warning
Sample message
Detected usage of a non-sanitized input variable: $_GET['inavii_debug']
WARNINGSecurityRequest data is not unslashed$_GET['inavii_debug'] not unslashed before sanitization. Use wp_unslash() or similar7
- Category
- Security
- Occurrences
- 7
- Severity
- warning
Sample message
$_GET['inavii_debug'] not unslashed before sanitization. Use wp_unslash() or similar
WARNINGPerformancePost Not In excludeUsing exclusionary parameters, like exclude, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information.5
- Category
- Performance
- Occurrences
- 5
- Severity
- warning
Sample message
Using exclusionary parameters, like exclude, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information.
ERRORMaintainabilitywp function not compatible with requires wpFunction "str_starts_with()" requires WordPress 5.9.0, but your plugin minimum supported version is WordPress 5.6.0.4
- Category
- Maintainability
- Occurrences
- 4
- Severity
- error
Sample message
Function "str_starts_with()" requires WordPress 5.9.0, but your plugin minimum supported version is WordPress 5.6.0.
WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.3
- Category
- Maintainability
- Occurrences
- 3
- Severity
- warning
Sample message
Use of a direct database call is discouraged.
Show 15 moreShow less
WARNINGMaintainabilityNo Caching2
- Category
- Maintainability
- Occurrences
- 2
- Severity
- warning
Sample message
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
ERRORSecuritySQL query is not prepared2
- Category
- Security
- Occurrences
- 2
- Severity
- error
Sample message
Use placeholders and $wpdb->prepare(); found $sql
WARNINGMaintainabilityNon-prefixed function2
- Category
- Maintainability
- Occurrences
- 2
- Severity
- warning
Sample message
Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "my_fs_custom_icon".
WARNINGMaintainabilityerror log error log2
- Category
- Maintainability
- Occurrences
- 2
- Severity
- warning
Sample message
error_log() found. Debug code should not normally be used in production.
ERRORSecurityOutput is not escaped2
- Category
- Security
- Occurrences
- 2
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$this'.
ERRORMaintainabilityfile system operations rmdir2
- Category
- Maintainability
- Occurrences
- 2
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: rmdir().
ERRORI18nMissing Translators Comment2
- Category
- I18n
- Occurrences
- 2
- Severity
- error
Sample message
A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.
ERRORMaintainabilityNot Allowed1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- error
Sample message
Use of heredoc syntax (<<<) is not allowed; use standard strings or inline HTML instead
WARNINGMaintainabilitySchema Change1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- warning
Sample message
Attempting a database schema change is discouraged.
WARNINGMaintainabilityslow db query meta key1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- warning
Sample message
Detected usage of meta_key, possible slow query.
WARNINGMaintainabilityDynamic hook name1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- warning
Sample message
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "AppGlobalSettings::CRON_SCHEDULE_UPDATE_MEDIA_TASK".
WARNINGMaintainabilityNon-prefixed global symbol1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- warning
Sample message
The "inavii/social" prefix is not a valid namespace/function/class/variable/constant prefix in PHP.
ERRORMaintainabilityfile system operations fclose1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().
ERRORMaintainabilityrand rand1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- error
Sample message
rand() is discouraged. Use the far less predictable wp_rand() instead.
ERRORMaintainabilityunlink unlink1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- error
Sample message
unlink() is discouraged. Use wp_delete_file() to delete a file.
Score History
First score snapshot
v3.0.4
34
Latest
- Findings
- 712
- Errors
- 532
- Warnings
- 180
- Check
- 2.0.0
| Scan | Score | Findings | Errors | Warnings | Plugin | Check |
|---|---|---|---|---|---|---|
| Latest | 34 | 712 | 532 | 180 | v3.0.4 | 2.0.0 |
Related Plugins
4k+ active installs
4k+ active installs
2k+ active installs
1k+ active installs
2k+ active installs
10k+ active installs