Manager for IcoMoon

Manage IcoMoon icon font packages in WordPress.

v3.0albedo0Updated Added 400 installs100% rating
32
Score
270
Errors
68
Warnings
+0
Change

Category Scores

Security0
Repo94
Performance100
Maintainability38

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

338 findings

Maintainability

190

15 issue groups

Security

144

9 issue groups

I18n

2

1 issue group

ERRORMaintainabilityShort PHP open tag foundShort PHP opening tag used with echo; expected "<?php echo ! ..." but found "<?= ! ..."141
Category
Maintainability
Occurrences
141
Severity
error

Sample message

Short PHP opening tag used with echo; expected "<?php echo ! ..." but found "<?= ! ..."

ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$content'.99
Category
Security
Occurrences
99
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$content'.

WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: &quot;$added&quot;.24
Category
Maintainability
Occurrences
24
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: &quot;$added&quot;.

WARNINGSecurityMissing nonce verificationProcessing form data without nonce verification.15
Category
Security
Occurrences
15
Severity
warning

Sample message

Processing form data without nonce verification.

WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_FILES[&#039;managerforicomoon-zip&#039;]10
Category
Security
Occurrences
10
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_FILES[&#039;managerforicomoon-zip&#039;]

ERRORSecurityException output is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$ex'.6
Category
Security
Occurrences
6
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$ex'.

ERRORMaintainabilityMissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;6
Category
Maintainability
Occurrences
6
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

WARNINGSecurityRequest data is not unslashed$_POST[&#039;managerforicomoon-zip_nonce&#039;] not unslashed before sanitization. Use wp_unslash() or similar4
Category
Security
Occurrences
4
Severity
warning

Sample message

$_POST[&#039;managerforicomoon-zip_nonce&#039;] not unslashed before sanitization. Use wp_unslash() or similar

WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

Use of a direct database call is discouraged.

WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

Show 15 more
ERRORSecuritySQL query is not prepared3
Category
Security
Occurrences
3
Severity
error

Sample message

Use placeholders and $wpdb->prepare(); found $sql

WARNINGSecurityInput is not validated3
Category
Security
Occurrences
3
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_FILES[&#039;managerforicomoon-zip&#039;][&#039;tmp_name&#039;]. Check that the array index exists before using it.

WARNINGI18nDiscouraged text-domain loading2
Category
I18n
Occurrences
2
Severity
warning

Sample message

load_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed.

ERRORSecurityDatabase parameter is not escaped2
Category
Security
Occurrences
2
Severity
error

Sample message

Unescaped parameter $sql used in $wpdb->get_results()\n$sql assigned unsafely at line 513.

WARNINGMaintainabilityerror log var dump2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

var_dump() found. Debug code should not normally be used in production.

ERRORSecurityUnsafe printing function2
Category
Security
Occurrences
2
Severity
error

Sample message

All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.

ERRORMaintainabilityunlink unlink2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

unlink() is discouraged. Use wp_delete_file() to delete a file.

ERRORMaintainabilitywp function not compatible with requires wp2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

Function "register_block_type()" requires WordPress 5.0.0, but your plugin minimum supported version is WordPress 4.7.4.

WARNINGMaintainabilityMixed line endings1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

File has mixed line endings; this may cause incorrect results

WARNINGMaintainabilityerror log error log1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

error_log() found. Debug code should not normally be used in production.

ERRORMaintainabilityfile system operations fclose1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().

ERRORMaintainabilityfile system operations fopen1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen().

ERRORMaintainabilityfile system operations fwrite1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fwrite().

ERRORMaintainabilityfile system operations rmdir1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: rmdir().

ERRORMaintainabilityrename rename1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

rename() is discouraged. Use WP_Filesystem::move() to rename a file.

External Connections

Potential connections found in static code analysis.

6 domains

Outbound calls

10

External assets

0

Incoming endpoints

1

Notable Domains

dev.juliencrego.com2 · outbound
icomoon.io2 · outbound
localise.biz1 · outbound
paypal.com1 · outbound

Platform / Reference Domains

wordpress.org3 · platform/reference
fr.wordpress.org1 · platform/reference

External Asset Domains

No external asset domains detected.

Incoming Endpoints

No public endpoints detected.

Admin AJAX endpoints1
wp_ajax_m4i_gutenberg_modal_insert_iconauthenticated

wp_ajax

Score History

First score snapshot

v3.0

32

Latest

Findings
338
Errors
270
Warnings
68
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

32 nodes

Related Plugins