Contact Form Widget

Create contact forms with query table management. Simple setup, secure submissions, and easy customization for your site.

v1.5.2A WP LifeUpdated Added 1k+ installs100% rating
38
Score
54
Errors
107
Warnings
+0
Change

Category Scores

Security0
Repo94
Performance100
Maintainability69

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

161 findings

Security

97

8 issue groups

Maintainability

36

11 issue groups

I18n

27

3 issue groups

Repo Compliance

1

1 issue group

WARNINGSecurityRequest data is not unslashed$_GET['_wpnonce'] not unslashed before sanitization. Use wp_unslash() or similar34
Category
Security
Occurrences
34
Severity
warning

Sample message

$_GET['_wpnonce'] not unslashed before sanitization. Use wp_unslash() or similar

ERRORI18nText Domain MismatchMismatched text domain. Expected 'new-contact-form-widget' but got 'new-image-gallery'.25
Category
I18n
Occurrences
25
Severity
error

Sample message

Mismatched text domain. Expected 'new-contact-form-widget' but got 'new-image-gallery'.

WARNINGSecurityInput is not validatedDetected usage of a possibly undefined superglobal array index: $_POST['bg_color']. Check that the array index exists before using it.23
Category
Security
Occurrences
23
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_POST['bg_color']. Check that the array index exists before using it.

ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$args['after_title']'.17
Category
Security
Occurrences
17
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$args['after_title']'.

WARNINGMaintainabilityMissing VersionResource version not set in call to wp_enqueue_style(). This means new versions of the style may not always be loaded due to browser caching.10
Category
Maintainability
Occurrences
10
Severity
warning

Sample message

Resource version not set in call to wp_enqueue_style(). This means new versions of the style may not always be loaded due to browser caching.

WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_GET['_wpnonce']9
Category
Security
Occurrences
9
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_GET['_wpnonce']

WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.7
Category
Maintainability
Occurrences
7
Severity
warning

Sample message

Use of a direct database call is discouraged.

WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().6
Category
Maintainability
Occurrences
6
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

WARNINGSecurityInterpolated SQL is not preparedUse placeholders and $wpdb->prepare(); found interpolated variable $contact_form_table_name at "SELECT * FROM `$contact_form_table_name` ORDER BY date_time DESC LIMIT $per_page OFFSET $start"6
Category
Security
Occurrences
6
Severity
warning

Sample message

Use placeholders and $wpdb->prepare(); found interpolated variable $contact_form_table_name at "SELECT * FROM `$contact_form_table_name` ORDER BY date_time DESC LIMIT $per_page OFFSET $start"

WARNINGSecurityDatabase parameter is not escapedUnescaped parameter $contact_form_table_name used in $wpdb->get_results()\n$contact_form_table_name assigned unsafely at line 121.4
Category
Security
Occurrences
4
Severity
warning

Sample message

Unescaped parameter $contact_form_table_name used in $wpdb->get_results()\n$contact_form_table_name assigned unsafely at line 121.

Show 13 more
WARNINGSecurityNonce verification recommended3
Category
Security
Occurrences
3
Severity
warning

Sample message

Processing form data without nonce verification.

WARNINGMaintainabilityNo PHP code found2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

No PHP code was found in this file and short open tags are not allowed by this install of PHP. This file may be using short open tags but PHP does not allow them.

ERRORMaintainabilitydate date2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.

ERRORMaintainabilitystrip tags strip tags2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

strip_tags() is discouraged. Use the more comprehensive wp_strip_all_tags() instead.

ERRORMaintainabilityNo Explicit Version2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

Version parameter is not explicitly set or has been set to an equivalent of "false" for wp_enqueue_script; This means that the WordPress core version will be used which is not recommended for plugin or theme development.

ERRORMaintainabilityMissing direct file access protection2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

WARNINGMaintainabilityMixed line endings1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

File has mixed line endings; this may cause incorrect results

WARNINGSecurityMissing nonce verification1
Category
Security
Occurrences
1
Severity
warning

Sample message

Processing form data without nonce verification.

ERRORMaintainabilityfile system operations fclose1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().

ERRORI18nMissing Arg Domain1
Category
I18n
Occurrences
1
Severity
error

Sample message

Missing $domain parameter in function call to esc_html_e().

ERRORI18nNon Singular String Literal Text1
Category
I18n
Occurrences
1
Severity
error

Sample message

The $text parameter must be a single text string literal. Found: esc_html( 'Title:' )

WARNINGMaintainabilitymismatched plugin name1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Plugin name "Contact Form Widget" is different from the name declared in plugin header "New Contact Form Widget & Shortcode [Standard]".

ERRORRepo Complianceplugin header no license1
Category
Repo Compliance
Occurrences
1
Severity
error

Sample message

Missing "License" in Plugin Header. Please update your Plugin Header with a valid GPLv2 (or later) compatible license.

External Connections

Potential connections found in static code analysis.

10 domains

Outbound calls

61

External assets

0

Incoming endpoints

2

Notable Domains

getbootstrap.com15 · outbound
awplife.com11 · outbound
fontawesome.io2 · outbound
blog.alexmaccaw.com1 · outbound
modernizr.com1 · outbound

Platform / Reference Domains

github.com16 · platform/reference
w3.org10 · platform/reference
profiles.wordpress.org2 · platform/reference
wordpress.org2 · platform/reference
s.w.org1 · platform/reference

External Asset Domains

No external asset domains detected.

Incoming Endpoints

wp_ajax_nopriv_submit_user_querypublic

wp_ajax

Admin AJAX endpoints1
wp_ajax_submit_user_queryauthenticated

wp_ajax

Score History

First score snapshot

v1.5.2

38

Latest

Findings
161
Errors
54
Warnings
107
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

34 nodes

Related Plugins

Contact Form Query

1k+ active installs

100
100
Style Contact Form 7

1k+ active installs

100
ACF Field For CF7

10k+ active installs

99