PluginScore

My Social Feeds – Social Feeds Embedder Plugin for WP

Embed Instagram, TikTok, Pinterest, and Twitter feeds easily using Gutenberg blocks.

v1.0.5bPluginsUpdated Added 400 installs0% rating
blockinstagram feedpinterest feedtiktok feedtwitter feed
40
Score
8
Errors
77
Warnings
+0
Change

Category Scores

Security0
Repo100
Performance100
Maintainability74

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

85 findings

Security

50

6 issue groups

Maintainability

33

13 issue groups

I18n

2

2 issue groups

WARNINGSecurityRequest data is not unslashed$_GET['account_id'] not unslashed before sanitization. Use wp_unslash() or similar20
Category
Security
Occurrences
20
Severity
warning

Sample message

$_GET['account_id'] not unslashed before sanitization. Use wp_unslash() or similar

WordPress.Security.ValidatedSanitizedInput.MissingUnslash
WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.13
Category
Security
Occurrences
13
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Recommended
WARNINGMaintainabilityNon-prefixed classClasses declared by a theme/plugin should start with the theme/plugin prefix. Found: "BPluginsFSLite".8
Category
Maintainability
Occurrences
8
Severity
warning

Sample message

Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "BPluginsFSLite".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedClassFound
WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$accounts".7
Category
Maintainability
Occurrences
7
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$accounts".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound
WARNINGSecurityInput is not validatedDetected usage of a possibly undefined superglobal array index: $_GET['boardName']. Check that the array index exists before using it.7
Category
Security
Occurrences
7
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_GET['boardName']. Check that the array index exists before using it.

WordPress.Security.ValidatedSanitizedInput.InputNotValidated
WARNINGSecurityMissing nonce verificationProcessing form data without nonce verification.4
Category
Security
Occurrences
4
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Missing
WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_GET['data']4
Category
Security
Occurrences
4
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_GET['data']

WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
WARNINGMaintainabilityNot In FooterIn footer ($in_footer) is not set explicitly wp_register_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header.4
Category
Maintainability
Occurrences
4
Severity
warning

Sample message

In footer ($in_footer) is not set explicitly wp_register_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header.

WordPress.WP.EnqueuedResourceParameters.NotInFooter
WARNINGMaintainabilityNon-prefixed constantGlobal constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "FS_LITE_DIR".3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "FS_LITE_DIR".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedConstantFound
ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"<div class='bsbFrontShortcode' id='bsbFrontShortcode-$post_ID'>\n'.2
Category
Security
Occurrences
2
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"<div class='bsbFrontShortcode' id='bsbFrontShortcode-$post_ID'>\n'.

WordPress.Security.EscapeOutput.OutputNotEscapedReference
Show 11 more
WARNINGMaintainabilityMissing Version2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

Resource version not set in call to wp_register_style(). This means new versions of the style may not always be loaded due to browser caching.

WordPress.WP.EnqueuedResourceParameters.MissingVersion
ERRORMaintainabilityMissing direct file access protection2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

missing_direct_file_access_protectionReference
WARNINGMaintainabilityNon-prefixed function1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: &quot;fs_lite_dynamic_init&quot;.

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedFunctionFound
WARNINGMaintainabilityerror log debug backtrace1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

debug_backtrace() found. Debug code should not normally be used in production.

WordPress.PHP.DevelopmentFunctions.error_log_debug_backtrace
WARNINGMaintainabilityerror log error log1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

error_log() found. Debug code should not normally be used in production.

WordPress.PHP.DevelopmentFunctions.error_log_error_log
ERRORMaintainabilityNon Enqueued Script1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

Scripts must be registered/enqueued via wp_enqueue_script()

WordPress.WP.EnqueuedResources.NonEnqueuedScript
ERRORI18nText Domain Mismatch1
Category
I18n
Occurrences
1
Severity
error

Sample message

Mismatched text domain. Expected 'my-social-feeds' but got 'slider'.

WordPress.WP.I18n.TextDomainMismatchReference
ERRORMaintainabilityblock api version too low1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

Editor blocks must define "apiVersion" 3 or higher in block.json for WordPress 7.0+ iframe editor compatibility.

block_api_version_too_lowReference
WARNINGMaintainabilitymismatched plugin name1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Plugin name "My Social Feeds – Social Feeds Embedder Plugin for WP" is different from the name declared in plugin header "My Social Feeds".

mismatched_plugin_nameReference
ERRORI18ntextdomain invalid format1
Category
I18n
Occurrences
1
Severity
error

Sample message

The "Text Domain" header in the plugin file should only contain lowercase letters, numbers, and hyphens. Found "my-social-feeds, /includes/LicenseActivation.php".

textdomain_invalid_formatReference
WARNINGMaintainabilitytrademarked term1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

The plugin name includes a restricted term. Your chosen plugin name - "My Social Feeds – Social Feeds Embedder Plugin for WP" - contains the restricted term "plugin" which cannot be used at all in your plugin name.

trademarked_term

External Connections

Potential connections found in static code analysis.

30 domains

Outbound calls

101

External assets

2

Incoming endpoints

26

Notable Domains

wptiktokfeed.com16 · outbound
bblockswp.com15 · outbound
bplugins.com8 · outbound
api.bplugins.com6 · outbound
freemius.com6 · outbound
graph.instagram.com5 · outbound

Platform / Reference Domains

w3.org8 · platform/reference
ps.w.org3 · platform/reference
wordpress.org2 · platform/reference
api.wordpress.org1 · platform/reference
gnu.org1 · platform/reference

External Asset Domains

fonts.googleapis.com3 · asset + outbound
tiktok.com1 · asset

Incoming Endpoints

wp_ajax_nopriv_bPinterestAjaxRequestpublic

wp_ajax

wp_ajax_nopriv_ifbAjaxRequestpublic

wp_ajax

wp_ajax_nopriv_ifbDeleteTransientpublic

wp_ajax

wp_ajax_nopriv_ttp_tiktok_videospublic

wp_ajax

Admin AJAX endpoints20
wp_ajax_bpl_authenticated

wp_ajax

wp_ajax_bPinterestAjaxRequestauthenticated

wp_ajax

wp_ajax_bsdk_fetch_info_authenticated

wp_ajax

wp_ajax_fs_initauthenticated

wp_ajax

wp_ajax_fs_notice_dismiss_authenticated

wp_ajax

wp_ajax_ifbAjaxRequestauthenticated

wp_ajax

wp_ajax_ifbDeleteTransientauthenticated

wp_ajax

wp_ajax_msfbp-delete-instagram-access-tokenauthenticated

wp_ajax

wp_ajax_msfbp-delete-pinterest-credentialsauthenticated

wp_ajax

wp_ajax_msfbp-delete-twitter-credentialsauthenticated

wp_ajax

wp_ajax_msfbp-get-instagram-access-tokenauthenticated

wp_ajax

wp_ajax_msfbp-get-pinterest-credentialsauthenticated

wp_ajax

8 more hidden

Score History

First score snapshot

v1.0.5

40

Latest

Findings
85
Errors
8
Warnings
77
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

37 nodes

Related Plugins

Advance Custom HTML – Show Live Code, Share Snippets, Embed Code, and Style Them Your Way.

10k+ active installs

100
Audio Player Block – Advanced Block for Embedding Audio Files

2k+ active installs

100
Block Editor: Reverse Columns on Mobile

500 active installs

100
Block for Mailchimp – Add Email Subscription Forms and Collect Leads

2k+ active installs

100
Breadcrumb Block

3k+ active installs

100
Button Block – Design Stylish, Interactive, and Multi-Functional Buttons

5k+ active installs

100