The purpose of this plugin is to add the ability to output a list of link categories and a complete list of links with notes and descriptions.
Category Scores
Top Issues by Category
security2,418
maintainability790
Issues Details
3,338 issues found in latest scan
All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"<font face=\"verdana\" size=\"2\">Critical Error: <strong>Unable to create: $name</strong></font>"'.
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$alphabet".
Processing form data without nonce verification.
$_COOKIE['Captcha'] not unslashed before sanitization. Use wp_unslash() or similar
Detected usage of a non-sanitized input variable: $_COOKIE['Captcha']
Detected usage of a possibly undefined superglobal array index: $_FILES['generalsettingsfile']['tmp_name']. Check that the array index exists before using it.
Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "RenderLinkLibrary".
Processing form data without nonce verification.
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fwrite().
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
rand() is discouraged. Use the far less predictable wp_rand() instead.
Use placeholders and $wpdb->prepare(); found $all_link_cats_query
Unescaped parameter $all_link_cats_query used in $wpdb->get_results()\n$all_link_cats_query assigned unsafely at line 16.
print_r() found. Debug code should not normally be used in production.
The parameter "$link_categories_query_args" at position #2 of get_terms() has been deprecated since WordPress version 4.5.0. Instead do not pass the parameter.
Detected usage of meta_key, possible slow query.
Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "AT_END".
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen().
Using exclusionary parameters, like exclude, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information.
Function "has_blocks()" requires WordPress 5.0.0, but your plugin minimum supported version is WordPress 4.4.0.
date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.
| Code | Type | Message | Count |
|---|---|---|---|
| WordPress.Security.EscapeOutput.UnsafePrintingFunction | ERROR | All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'. | 966 |
| WordPress.Security.EscapeOutput.OutputNotEscaped | ERROR | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"<font face=\"verdana\" size=\"2\">Critical Error: <strong>Unable to create: $name</strong></font>"'. | 772 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound | WARNING | Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$alphabet". | 547 |
| WordPress.Security.NonceVerification.Recommended | WARNING | Processing form data without nonce verification. | 264 |
| WordPress.Security.ValidatedSanitizedInput.MissingUnslash | WARNING | $_COOKIE['Captcha'] not unslashed before sanitization. Use wp_unslash() or similar | 162 |
| WordPress.Security.ValidatedSanitizedInput.InputNotSanitized | WARNING | Detected usage of a non-sanitized input variable: $_COOKIE['Captcha'] | 98 |
| WordPress.Security.ValidatedSanitizedInput.InputNotValidated | WARNING | Detected usage of a possibly undefined superglobal array index: $_FILES['generalsettingsfile']['tmp_name']. Check that the array index exists before using it. | 83 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedFunctionFound | WARNING | Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "RenderLinkLibrary". | 38 |
| WordPress.Security.NonceVerification.Missing | WARNING | Processing form data without nonce verification. | 35 |
| WordPress.WP.AlternativeFunctions.file_system_operations_fwrite | ERROR | File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fwrite(). | 24 |
| WordPress.DB.DirectDatabaseQuery.DirectQuery | WARNING | Use of a direct database call is discouraged. | 22 |
| WordPress.DB.DirectDatabaseQuery.NoCaching | WARNING | Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete(). | 22 |
| WordPress.WP.AlternativeFunctions.rand_rand | ERROR | rand() is discouraged. Use the far less predictable wp_rand() instead. | 21 |
| WordPress.DB.PreparedSQL.NotPrepared | ERROR | Use placeholders and $wpdb->prepare(); found $all_link_cats_query | 20 |
| PluginCheck.Security.DirectDB.UnescapedDBParameter | ERROR | Unescaped parameter $all_link_cats_query used in $wpdb->get_results()\n$all_link_cats_query assigned unsafely at line 16. | 18 |
| WordPress.PHP.DevelopmentFunctions.error_log_print_r | WARNING | print_r() found. Debug code should not normally be used in production. | 17 |
| WordPress.WP.DeprecatedParameters.Get_termsParam2Found | WARNING | The parameter "$link_categories_query_args" at position #2 of get_terms() has been deprecated since WordPress version 4.5.0. Instead do not pass the parameter. | 17 |
| WordPress.DB.SlowDBQuery.slow_db_query_meta_key | WARNING | Detected usage of meta_key, possible slow query. | 14 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedConstantFound | WARNING | Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "AT_END". | 14 |
| WordPress.WP.AlternativeFunctions.file_system_operations_fclose | ERROR | File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose(). | 12 |
| missing_direct_file_access_protection | ERROR | PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit; | 12 |
| WordPress.WP.AlternativeFunctions.file_system_operations_fopen | ERROR | File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen(). | 11 |
| WordPressVIPMinimum.Performance.WPQueryParams.PostNotIn_exclude | WARNING | Using exclusionary parameters, like exclude, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information. | 10 |
| wp_function_not_compatible_with_requires_wp | ERROR | Function "has_blocks()" requires WordPress 5.0.0, but your plugin minimum supported version is WordPress 4.4.0. | 10 |
| WordPress.DateTime.RestrictedFunctions.date_date | ERROR | date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead. | 9 |
Latest Snapshot
Findings
3,338
Errors
1,941
Warnings
1,397
Score History
First score snapshot
First scan completed Jun 20, 2026
v7.9.2 · Plugin Check 2.0.0 · Model 2026.06-mvp-static-v2
Jun 20, 2026
v7.9.2
20
Latest
- Findings
- 3,338
- Errors
- 1,941
- Warnings
- 1,397
- Plugin Check
- 2.0.0
- Model
- 2026.06-mvp-static-v2
| Scan | Score | Findings | Errors | Warnings | Plugin | Plugin Check | Model |
|---|---|---|---|---|---|---|---|
| Jun 20, 2026Latest | 20 | 3,338 | 1,941 | 1,397 | v7.9.2 | 2.0.0 | 2026.06-mvp-static-v2 |
