Offload Media moves your WordPress files to cloud storage (AWS S3, DigitalOcean, Cloudflare R2, Google Cloud) to improve site performance.
Category Scores
Issues to Review
Prioritized issue groups from the latest Plugin Check scan
Maintainability
119
12 issue groups
Security
67
10 issue groups
I18n
10
2 issue groups
Performance
2
1 issue group
ERRORMaintainabilityunlink unlinkunlink() is discouraged. Use wp_delete_file() to delete a file.33
- Category
- Maintainability
- Occurrences
- 33
- Severity
- error
Sample message
unlink() is discouraged. Use wp_delete_file() to delete a file.
WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.17
- Category
- Maintainability
- Occurrences
- 17
- Severity
- warning
Sample message
Use of a direct database call is discouraged.
ERRORMaintainabilityfile system operations fopenFile operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen().17
- Category
- Maintainability
- Occurrences
- 17
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen().
WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().16
- Category
- Maintainability
- Occurrences
- 16
- Severity
- warning
Sample message
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$this'.15
- Category
- Security
- Occurrences
- 15
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$this'.
WARNINGSecurityInterpolated SQL is not preparedUse placeholders and $wpdb->prepare(); found interpolated variable $attachment_id at "SELECT meta_value FROM $wpdb->postmeta WHERE post_id=$attachment_id AND meta_key='$key'"11
- Category
- Security
- Occurrences
- 11
- Severity
- warning
Sample message
Use placeholders and $wpdb->prepare(); found interpolated variable $attachment_id at "SELECT meta_value FROM $wpdb->postmeta WHERE post_id=$attachment_id AND meta_key='$key'"
WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.10
- Category
- Security
- Occurrences
- 10
- Severity
- warning
Sample message
Processing form data without nonce verification.
ERRORI18nMissing Arg DomainMissing $domain parameter in function call to __().9
- Category
- I18n
- Occurrences
- 9
- Severity
- error
Sample message
Missing $domain parameter in function call to __().
ERRORMaintainabilityparse url parse urlparse_url() is discouraged because of inconsistency in the output across PHP versions; use wp_parse_url() instead.8
- Category
- Maintainability
- Occurrences
- 8
- Severity
- error
Sample message
parse_url() is discouraged because of inconsistency in the output across PHP versions; use wp_parse_url() instead.
ERRORSecuritySQL query is not preparedUse placeholders and $wpdb->prepare(); found $query7
- Category
- Security
- Occurrences
- 7
- Severity
- error
Sample message
Use placeholders and $wpdb->prepare(); found $query
Show 15 moreShow less
ERRORMaintainabilityfile system operations fclose6
- Category
- Maintainability
- Occurrences
- 6
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().
ERRORMaintainabilityfile system operations fwrite6
- Category
- Maintainability
- Occurrences
- 6
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fwrite().
ERRORSecurityDatabase parameter is not escaped5
- Category
- Security
- Occurrences
- 5
- Severity
- error
Sample message
Unescaped parameter $attachment_id used in $wpdb->get_row()\n$attachment_id used without escaping.
ERRORSecurityUnsafe printing function5
- Category
- Security
- Occurrences
- 5
- Severity
- error
Sample message
All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.
WARNINGMaintainabilitySchema Change4
- Category
- Maintainability
- Occurrences
- 4
- Severity
- warning
Sample message
Attempting a database schema change is discouraged.
WARNINGSecurityInput is not sanitized4
- Category
- Security
- Occurrences
- 4
- Severity
- warning
Sample message
Detected usage of a non-sanitized input variable: $_FILES['file']
WARNINGSecurityRequest data is not unslashed4
- Category
- Security
- Occurrences
- 4
- Severity
- warning
Sample message
$_POST['id'] not unslashed before sanitization. Use wp_unslash() or similar
ERRORMaintainabilitycurl curl setopt4
- Category
- Maintainability
- Occurrences
- 4
- Severity
- error
Sample message
Using cURL functions is highly discouraged. Use wp_remote_get() instead.
ERRORMaintainabilitydate date3
- Category
- Maintainability
- Occurrences
- 3
- Severity
- error
Sample message
date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.
WARNINGSecurityMissing nonce verification3
- Category
- Security
- Occurrences
- 3
- Severity
- warning
Sample message
Processing form data without nonce verification.
WARNINGSecurityInput is not validated3
- Category
- Security
- Occurrences
- 3
- Severity
- warning
Sample message
Detected usage of a possibly undefined superglobal array index: $_SERVER['HTTP_ORIGIN']. Check that the array index exists before using it.
ERRORMaintainabilityfile system operations mkdir3
- Category
- Maintainability
- Occurrences
- 3
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: mkdir().
WARNINGMaintainabilityMissing Version2
- Category
- Maintainability
- Occurrences
- 2
- Severity
- warning
Sample message
Resource version not set in call to wp_enqueue_style(). This means new versions of the style may not always be loaded due to browser caching.
WARNINGPerformancePost Not In exclude2
- Category
- Performance
- Occurrences
- 2
- Severity
- warning
Sample message
Using exclusionary parameters, like exclude, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information.
WARNINGI18nDiscouraged text-domain loading1
- Category
- I18n
- Occurrences
- 1
- Severity
- warning
Sample message
load_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed.
External Connections
Potential connections found in static code analysis.
Outbound calls
297
External assets
2
Incoming endpoints
1
Notable Domains
Platform / Reference Domains
External Asset Domains
Incoming Endpoints
No public endpoints detected.
Admin AJAX endpoints1
wp_ajax
Score History
First score snapshot
v1.8.1
29
Latest
- Findings
- 206
- Errors
- 126
- Warnings
- 80
- Check
- 2.0.0
| Scan | Score | Findings | Errors | Warnings | Plugin | Check |
|---|---|---|---|---|---|---|
| Latest | 29 | 206 | 126 | 80 | v1.8.1 | 2.0.0 |
Relationship Map
Author, categories, issues, domains, and nearby plugins.
Relationship links
Author
Issue
Domain
Related
Author
Issue
Domain
Related
Related Plugins
1k+ active installs
1k+ active installs
60k+ active installs
900 active installs
8k+ active installs
1k+ active installs