The ultimate Elementor addon for cross-domain copying, magic copy buttons, and instant page duplication. Build websites faster with one-click design t …
Category Scores
Top Issues by Category
security28
maintainability9
i18n6
Issues Details
44 issues found in latest scan
$_GET['duplicate_nonce'] not unslashed before sanitization. Use wp_unslash() or similar
Processing form data without nonce verification.
The $domain parameter must be a single text string literal. Found: $this->settings['text_domain']
Detected usage of a non-sanitized input variable: $_GET['duplicate_nonce']
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
Processing form data without nonce verification.
Detected usage of a possibly undefined superglobal array index: $_REQUEST['post_id']. Check that the array index exists before using it.
load_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed.
Sanitization missing for register_setting().
Unescaped parameter $bdt_sql_query used in $wpdb->query()\n$bdt_sql_query assigned unsafely at line 109.
Use placeholders and $wpdb->prepare(); found interpolated variable $bdt_post_id at "SELECT meta_key, meta_value FROM $wpdb->postmeta WHERE post_id=$bdt_post_id"
Use placeholders and $wpdb->prepare(); found $bdt_sql_query
wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.
Plugin name "Live Copy Paste for Elementor - Cross Domain Copy Paste & Page Duplicator" is different from the name declared in plugin header "Live Copy Paste".
The "Short Description" section is too long and was truncated. A maximum of 150 characters is supported.
| Code | Type | Message | Count |
|---|---|---|---|
| WordPress.Security.ValidatedSanitizedInput.MissingUnslash | WARNING | $_GET['duplicate_nonce'] not unslashed before sanitization. Use wp_unslash() or similar | 9 |
| WordPress.Security.NonceVerification.Recommended | WARNING | Processing form data without nonce verification. | 6 |
| WordPress.WP.I18n.NonSingularStringLiteralDomain | ERROR | The $domain parameter must be a single text string literal. Found: $this->settings['text_domain'] | 5 |
| WordPress.Security.ValidatedSanitizedInput.InputNotSanitized | WARNING | Detected usage of a non-sanitized input variable: $_GET['duplicate_nonce'] | 4 |
| missing_direct_file_access_protection | ERROR | PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit; | 4 |
| WordPress.DB.DirectDatabaseQuery.DirectQuery | WARNING | Use of a direct database call is discouraged. | 2 |
| WordPress.DB.DirectDatabaseQuery.NoCaching | WARNING | Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete(). | 2 |
| WordPress.Security.NonceVerification.Missing | WARNING | Processing form data without nonce verification. | 2 |
| WordPress.Security.ValidatedSanitizedInput.InputNotValidated | WARNING | Detected usage of a possibly undefined superglobal array index: $_REQUEST['post_id']. Check that the array index exists before using it. | 2 |
| PluginCheck.CodeAnalysis.DiscouragedFunctions.load_plugin_textdomainFound | WARNING | load_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed. | 1 |
| PluginCheck.CodeAnalysis.SettingSanitization.register_settingMissing | ERROR | Sanitization missing for register_setting(). | 1 |
| PluginCheck.Security.DirectDB.UnescapedDBParameter | ERROR | Unescaped parameter $bdt_sql_query used in $wpdb->query()\n$bdt_sql_query assigned unsafely at line 109. | 1 |
| WordPress.DB.PreparedSQL.InterpolatedNotPrepared | WARNING | Use placeholders and $wpdb->prepare(); found interpolated variable $bdt_post_id at "SELECT meta_key, meta_value FROM $wpdb->postmeta WHERE post_id=$bdt_post_id" | 1 |
| WordPress.DB.PreparedSQL.NotPrepared | ERROR | Use placeholders and $wpdb->prepare(); found $bdt_sql_query | 1 |
| WordPress.Security.SafeRedirect.wp_redirect_wp_redirect | WARNING | wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed. | 1 |
| mismatched_plugin_name | WARNING | Plugin name "Live Copy Paste for Elementor - Cross Domain Copy Paste & Page Duplicator" is different from the name declared in plugin header "Live Copy Paste". | 1 |
| readme_parser_warnings_trimmed_short_description | WARNING | The "Short Description" section is too long and was truncated. A maximum of 150 characters is supported. | 1 |
Latest Snapshot
Findings
44
Errors
12
Warnings
32
Score History
First score snapshot
First scan completed Jun 21, 2026
v1.5.3 · Plugin Check 2.0.0 · Model 2026.06-mvp-static-v2
Jun 21, 2026
v1.5.3
43
Latest
- Findings
- 44
- Errors
- 12
- Warnings
- 32
- Plugin Check
- 2.0.0
- Model
- 2026.06-mvp-static-v2
| Scan | Score | Findings | Errors | Warnings | Plugin | Plugin Check | Model |
|---|---|---|---|---|---|---|---|
| Jun 21, 2026Latest | 43 | 44 | 12 | 32 | v1.5.3 | 2.0.0 | 2026.06-mvp-static-v2 |
