Create thousands of targeted landing pages in bulk, boost your search visibility, and save countless hours of manual work with MPG.🚀
Category Scores
Issues to Review
Prioritized issue groups from the latest Plugin Check scan
Security
649
11 issue groups
Maintainability
335
14 issue groups
WARNINGSecurityMissing nonce verificationProcessing form data without nonce verification.156
- Category
- Security
- Occurrences
- 156
- Severity
- warning
Sample message
Processing form data without nonce verification.
ERRORSecurityUnsafe printing functionAll output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.155
- Category
- Security
- Occurrences
- 155
- Severity
- error
Sample message
All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.
ERRORSecurityException output is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"Array limit of {$this->limit} reached."'.93
- Category
- Security
- Occurrences
- 93
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"Array limit of {$this->limit} reached."'.
ERRORSecuritySQL query is not preparedUse placeholders and $wpdb->prepare(); found $block_id63
- Category
- Security
- Occurrences
- 63
- Severity
- error
Sample message
Use placeholders and $wpdb->prepare(); found $block_id
WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.60
- Category
- Maintainability
- Occurrences
- 60
- Severity
- warning
Sample message
Use of a direct database call is discouraged.
WARNINGSecurityRequest data is not unslashed$_GET['id'] not unslashed before sanitization. Use wp_unslash() or similar59
- Category
- Security
- Occurrences
- 59
- Severity
- warning
Sample message
$_GET['id'] not unslashed before sanitization. Use wp_unslash() or similar
WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().56
- Category
- Maintainability
- Occurrences
- 56
- Severity
- warning
Sample message
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
ERRORMaintainabilityfile system operations fwriteFile operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fwrite().28
- Category
- Maintainability
- Occurrences
- 28
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fwrite().
WARNINGMaintainabilityNon-prefixed classClasses declared by a theme/plugin should start with the theme/plugin prefix. Found: "MPG_AdvancedSettingsController".26
- Category
- Maintainability
- Occurrences
- 26
- Severity
- warning
Sample message
Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "MPG_AdvancedSettingsController".
WARNINGSecurityInput is not validatedDetected usage of a possibly undefined superglobal array index: $_GET['projectId']. Check that the array index exists before using it.26
- Category
- Security
- Occurrences
- 26
- Severity
- warning
Sample message
Detected usage of a possibly undefined superglobal array index: $_GET['projectId']. Check that the array index exists before using it.
Show 15 moreShow less
ERRORSecurityOutput is not escaped23
- Category
- Security
- Occurrences
- 23
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"<$tag $scope $id $class>$column_display_name</$tag>"'.
WARNINGSecurityNonce verification recommended23
- Category
- Security
- Occurrences
- 23
- Severity
- warning
Sample message
Processing form data without nonce verification.
ERRORMaintainabilityMissing direct file access protection23
- Category
- Maintainability
- Occurrences
- 23
- Severity
- error
Sample message
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
WARNINGMaintainabilityNon-prefixed global variable21
- Category
- Maintainability
- Occurrences
- 21
- Severity
- warning
Sample message
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$display_integration".
WARNINGSecurityInput is not sanitized21
- Category
- Security
- Occurrences
- 21
- Severity
- warning
Sample message
Detected usage of a non-sanitized input variable: $_POST['applyCondition']
WARNINGMaintainabilityNon-prefixed constant18
- Category
- Maintainability
- Occurrences
- 18
- Severity
- warning
Sample message
Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "MPG_BASENAME".
WARNINGMaintainabilityNon-prefixed hook name18
- Category
- Maintainability
- Occurrences
- 18
- Severity
- warning
Sample message
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "mpg_advanced_setting_before".
WARNINGSecurityDatabase parameter is not escaped16
- Category
- Security
- Occurrences
- 16
- Severity
- warning
Sample message
Unescaped parameter $mpg_projects_table used in $wpdb->get_results()\n$mpg_projects_table assigned unsafely at line 51.
ERRORMaintainabilityunlink unlink16
- Category
- Maintainability
- Occurrences
- 16
- Severity
- error
Sample message
unlink() is discouraged. Use wp_delete_file() to delete a file.
WARNINGMaintainabilitySchema Change15
- Category
- Maintainability
- Occurrences
- 15
- Severity
- warning
Sample message
Attempting a database schema change is discouraged.
WARNINGMaintainabilityNon-prefixed namespace15
- Category
- Maintainability
- Occurrences
- 15
- Severity
- warning
Sample message
Namespaces declared by a theme/plugin should start with the theme/plugin prefix. Found: "MPG\Display".
WARNINGSecurityInterpolated SQL is not prepared14
- Category
- Security
- Occurrences
- 14
- Severity
- warning
Sample message
Use placeholders and $wpdb->prepare(); found interpolated variable $mpg_projects_table at "ALTER TABLE `$mpg_projects_table` ADD `participate_in_default_loop` BOOLEAN DEFAULT FALSE"
ERRORMaintainabilityfile system operations fclose14
- Category
- Maintainability
- Occurrences
- 14
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().
ERRORMaintainabilityfile system operations fopen14
- Category
- Maintainability
- Occurrences
- 14
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen().
WARNINGMaintainabilityNot In Footer11
- Category
- Maintainability
- Occurrences
- 11
- Severity
- warning
Sample message
In footer ($in_footer) is not set explicitly wp_enqueue_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header.
External Connections
Not analyzed yet.
Score History
First score snapshot
v4.1.7
23
Latest
- Findings
- 1,068
- Errors
- 488
- Warnings
- 580
- Check
- 2.0.0
| Scan | Score | Findings | Errors | Warnings | Plugin | Check |
|---|---|---|---|---|---|---|
| Latest | 23 | 1,068 | 488 | 580 | v4.1.7 | 2.0.0 |
Relationship Map
Author, categories, issues, domains, and nearby plugins.
Relationship links
Author
Category
Issue
Related
Author
Category
Issue
Related
Related Plugins
1k+ active installs
4k+ active installs
400 active installs
40k+ active installs
1k+ active installs
1k+ active installs