Keap Official Opt-in Forms

Build your email subscriber list from visitors to your WordPress website with Keap's Official Opt-in Forms plugin.

v2.0.3KeapUpdated Added 1k+ installs38% rating
24
Score
829
Errors
1,046
Warnings
+0
Change

Category Scores

Security0
Repo94
Performance96
Maintainability0

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

1,875 findings

Security

752

12 issue groups

Maintainability

658

10 issue groups

I18n

432

3 issue groups

WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$$param".498
Category
Maintainability
Occurrences
498
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$$param".

ERRORI18nText Domain MismatchMismatched text domain. Expected 'infusionsoft-official-opt-in-forms' but got "infusionsoft".423
Category
I18n
Occurrences
423
Severity
error

Sample message

Mismatched text domain. Expected 'infusionsoft-official-opt-in-forms' but got "infusionsoft".

ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '" $case: {$data['time']} secs - Output data CRC: "'.315
Category
Security
Occurrences
315
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '" $case: {$data['time']} secs - Output data CRC: "'.

WARNINGSecurityRequest data is not unslashed$_COOKIE['hubspotutk'] not unslashed before sanitization. Use wp_unslash() or similar145
Category
Security
Occurrences
145
Severity
warning

Sample message

$_COOKIE['hubspotutk'] not unslashed before sanitization. Use wp_unslash() or similar

WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.90
Category
Security
Occurrences
90
Severity
warning

Sample message

Processing form data without nonce verification.

WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_COOKIE['hubspotutk']90
Category
Security
Occurrences
90
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_COOKIE['hubspotutk']

WARNINGSecurityInput is not validatedDetected usage of a possibly undefined superglobal array index: $_FILES['import_file']['name']. Check that the array index exists before using it.67
Category
Security
Occurrences
67
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_FILES['import_file']['name']. Check that the array index exists before using it.

WARNINGMaintainabilityNon-prefixed functionFunctions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "addcomment".52
Category
Maintainability
Occurrences
52
Severity
warning

Sample message

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "addcomment".

ERRORMaintainabilityMissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;33
Category
Maintainability
Occurrences
33
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

WARNINGMaintainabilityNon-prefixed hook nameHook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "et_gf_set_character_set".19
Category
Maintainability
Occurrences
19
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "et_gf_set_character_set".

Show 15 more
WARNINGMaintainabilityNon-prefixed class17
Category
Maintainability
Occurrences
17
Severity
warning

Sample message

Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "INF_Dashboard".

WARNINGMaintainabilityDirect Query13
Category
Maintainability
Occurrences
13
Severity
warning

Sample message

Use of a direct database call is discouraged.

WARNINGMaintainabilityNo Caching12
Category
Maintainability
Occurrences
12
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

WARNINGSecurityMissing nonce verification12
Category
Security
Occurrences
12
Severity
warning

Sample message

Processing form data without nonce verification.

ERRORSecurityDatabase parameter is not escaped8
Category
Security
Occurrences
8
Severity
error

Sample message

Unescaped parameter $sql used in $wpdb->get_results()\n$sql assigned unsafely at line 1302.

ERRORSecuritySQL query is not prepared8
Category
Security
Occurrences
8
Severity
error

Sample message

Use placeholders and $wpdb->prepare(); found $sql

WARNINGMaintainabilityNon-prefixed constant5
Category
Maintainability
Occurrences
5
Severity
warning

Sample message

Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "INF_DASHBOARD_DIR".

ERRORSecurityUnsafe printing function5
Category
Security
Occurrences
5
Severity
error

Sample message

All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.

WARNINGMaintainabilityMissing Version5
Category
Maintainability
Occurrences
5
Severity
warning

Sample message

Resource version not set in call to wp_enqueue_style(). This means new versions of the style may not always be loaded due to browser caching.

ERRORI18nNon Singular String Literal Text5
Category
I18n
Occurrences
5
Severity
error

Sample message

The $text parameter must be a single text string literal. Found: $message_map['401']

WARNINGSecurityDatabase parameter is not escaped4
Category
Security
Occurrences
4
Severity
warning

Sample message

Unescaped parameter $table_name used in $wpdb->get_var()\n$table_name assigned unsafely at line 1272.

WARNINGSecurityInterpolated SQL is not prepared4
Category
Security
Occurrences
4
Severity
warning

Sample message

Use placeholders and $wpdb->prepare(); found interpolated variable $table_name at "SHOW TABLES LIKE '$table_name'"

ERRORMaintainabilitydate date4
Category
Maintainability
Occurrences
4
Severity
error

Sample message

date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.

ERRORSecurityException output is not escaped4
Category
Security
Occurrences
4
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$name'.

ERRORI18nMissing Arg Domain4
Category
I18n
Occurrences
4
Severity
error

Sample message

Missing $domain parameter in function call to __().

External Connections

Potential connections found in static code analysis.

32 domains

Outbound calls

225

External assets

2

Incoming endpoints

32

Notable Domains

php.net25 · outbound
pear.php.net17 · outbound
xmlrpc.com11 · outbound
keap.com3 · outbound

Platform / Reference Domains

w3.org117 · platform/reference
github.com5 · platform/reference
opensource.org1 · platform/reference

External Asset Domains

meerkat.oreillynet.com4 · asset + outbound

Incoming Endpoints

wp_ajax_nopriv_infusionsoft_handle_stats_addingpublic

wp_ajax

wp_ajax_nopriv_infusionsoft_subscribepublic

wp_ajax

Admin AJAX endpoints30
wp_ajax_inf_dashboard_execute_live_searchauthenticated

wp_ajax

wp_ajax_inf_dashboard_generate_warningauthenticated

wp_ajax

wp_ajax_inf_infusionsoft_save_settingsauthenticated

wp_ajax

wp_ajax_infusionsoft_ab_test_actionsauthenticated

wp_ajax

wp_ajax_infusionsoft_add_variantauthenticated

wp_ajax

wp_ajax_infusionsoft_authorize_accountauthenticated

wp_ajax

wp_ajax_infusionsoft_clear_statsauthenticated

wp_ajax

wp_ajax_infusionsoft_clear_stats_single_optinauthenticated

wp_ajax

wp_ajax_infusionsoft_display_previewauthenticated

wp_ajax

wp_ajax_infusionsoft_duplicate_optinauthenticated

wp_ajax

wp_ajax_infusionsoft_generate_accounts_listauthenticated

wp_ajax

wp_ajax_infusionsoft_generate_edit_account_pageauthenticated

wp_ajax

18 more hidden

Score History

First score snapshot

v2.0.3

24

Latest

Findings
1,875
Errors
829
Warnings
1,046
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

34 nodes

Related Plugins