Effortlessly migrate, clone, or transfer your WordPress site to over 5,000 web hosts with Migrate Guru, trusted by Cloudways, Pantheon, and Dreamhost.
Category Scores
Top Issues by Category
maintainability9
Issues Details
15 issues found in latest scan
Unescaped parameter $query used in $wpdb->get_col()\n$query used without escaping.
Function "get_main_site_id()" requires WordPress 4.9.0, but your plugin minimum supported version is WordPress 4.0.0.
Resource version not set in call to wp_enqueue_style(). This means new versions of the style may not always be loaded due to browser caching.
phpinfo() can lead to full path disclosure.
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$this'.
wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
| Code | Type | Message | Count |
|---|---|---|---|
| PluginCheck.Security.DirectDB.UnescapedDBParameter | WARNING | Unescaped parameter $query used in $wpdb->get_col()\n$query used without escaping. | 4 |
| wp_function_not_compatible_with_requires_wp | ERROR | Function "get_main_site_id()" requires WordPress 4.9.0, but your plugin minimum supported version is WordPress 4.0.0. | 3 |
| WordPress.WP.EnqueuedResourceParameters.MissingVersion | WARNING | Resource version not set in call to wp_enqueue_style(). This means new versions of the style may not always be loaded due to browser caching. | 2 |
| Generic.PHP.ForbiddenFunctions.Found | ERROR | The use of function move_uploaded_file() is forbidden | 1 |
| WordPress.PHP.DevelopmentFunctions.prevent_path_disclosure_phpinfo | WARNING | phpinfo() can lead to full path disclosure. | 1 |
| WordPress.Security.EscapeOutput.OutputNotEscaped | ERROR | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$this'. | 1 |
| WordPress.Security.SafeRedirect.wp_redirect_wp_redirect | WARNING | wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed. | 1 |
| five_star_reviews_detected | ERROR | Linking directly to 5 stars reviews is not allowed. | 1 |
| missing_direct_file_access_protection | ERROR | PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit; | 1 |
Latest Snapshot
Findings
15
Errors
7
Warnings
8
Score History
First score snapshot
First scan completed Jun 19, 2026
v6.28 · Plugin Check 2.0.0 · Model 2026.06-mvp-static-v2
Jun 19, 2026
v6.28
81
Latest
- Findings
- 15
- Errors
- 7
- Warnings
- 8
- Plugin Check
- 2.0.0
- Model
- 2026.06-mvp-static-v2
| Scan | Score | Findings | Errors | Warnings | Plugin | Plugin Check | Model |
|---|---|---|---|---|---|---|---|
| Jun 19, 2026Latest | 81 | 15 | 7 | 8 | v6.28 | 2.0.0 | 2026.06-mvp-static-v2 |
