PluginScore

PDF Importer for WPForms

Import a pdf, map it to a form and attaching to any email

v1.3.83EDGARROJASUpdated Added 400 installs84% rating
WPFormsformspdfpdf builderwpform
25
Score
332
Errors
329
Warnings
+0
Change

Category Scores

Security0
Repo97
Performance100
Maintainability0

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

661 findings

Maintainability

370

14 issue groups

Security

258

9 issue groups

I18n

6

2 issue groups

WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$A".178
Category
Maintainability
Occurrences
178
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$A".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound
ERRORSecurityException output is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$Lookup[$i]['Type']'.91
Category
Security
Occurrences
91
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$Lookup[$i]['Type']'.

WordPress.Security.EscapeOutput.ExceptionNotEscapedReference
ERRORSecuritySQL query is not preparedUse placeholders and $wpdb->prepare(); found $query78
Category
Security
Occurrences
78
Severity
error

Sample message

Use placeholders and $wpdb->prepare(); found $query

WordPress.DB.PreparedSQL.NotPrepared
ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$Format'.39
Category
Security
Occurrences
39
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$Format'.

WordPress.Security.EscapeOutput.OutputNotEscapedReference
WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.35
Category
Maintainability
Occurrences
35
Severity
warning

Sample message

Use of a direct database call is discouraged.

WordPress.DB.DirectDatabaseQuery.DirectQuery
ERRORMaintainabilitywp function not compatible with requires wpFunction "mb_strlen()" requires WordPress 4.2.0, but your plugin minimum supported version is WordPress 3.3.0.32
Category
Maintainability
Occurrences
32
Severity
error

Sample message

Function "mb_strlen()" requires WordPress 4.2.0, but your plugin minimum supported version is WordPress 3.3.0.

wp_function_not_compatible_with_requires_wpReference
WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().30
Category
Maintainability
Occurrences
30
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

WordPress.DB.DirectDatabaseQuery.NoCaching
ERRORMaintainabilityMissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;25
Category
Maintainability
Occurrences
25
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

missing_direct_file_access_protectionReference
WARNINGSecurityDatabase parameter is not escapedUnescaped parameter $this->Loader->FormConfigTable used in $wpdb->get_results()20
Category
Security
Occurrences
20
Severity
warning

Sample message

Unescaped parameter $this->Loader->FormConfigTable used in $wpdb->get_results()

PluginCheck.Security.DirectDB.UnescapedDBParameter
WARNINGMaintainabilityerror log var exportvar_export() found. Debug code should not normally be used in production.19
Category
Maintainability
Occurrences
19
Severity
warning

Sample message

var_export() found. Debug code should not normally be used in production.

WordPress.PHP.DevelopmentFunctions.error_log_var_export
Show 15 more
ERRORMaintainabilityfile system operations fread14
Category
Maintainability
Occurrences
14
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fread().

WordPress.WP.AlternativeFunctions.file_system_operations_fread
WARNINGSecurityMissing nonce verification12
Category
Security
Occurrences
12
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Missing
ERRORMaintainabilityBacktick operator found8
Category
Maintainability
Occurrences
8
Severity
error

Sample message

Use of the backtick operator is forbidden

Generic.PHP.BacktickOperator.Found
WARNINGSecurityNonce verification recommended7
Category
Security
Occurrences
7
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Recommended
ERRORMaintainabilityfile system operations fopen7
Category
Maintainability
Occurrences
7
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen().

WordPress.WP.AlternativeFunctions.file_system_operations_fopen
ERRORMaintainabilitydate date6
Category
Maintainability
Occurrences
6
Severity
error

Sample message

date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.

WordPress.DateTime.RestrictedFunctions.date_date
ERRORMaintainabilityfile system operations fclose6
Category
Maintainability
Occurrences
6
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().

WordPress.WP.AlternativeFunctions.file_system_operations_fclose
WARNINGSecurityInput is not sanitized5
Category
Security
Occurrences
5
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_FILES['file']['tmp_name']

WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
WARNINGSecurityRequest data is not unslashed4
Category
Security
Occurrences
4
Severity
warning

Sample message

$_GET['_nonce'] not unslashed before sanitization. Use wp_unslash() or similar

WordPress.Security.ValidatedSanitizedInput.MissingUnslash
ERRORMaintainabilityfile system operations mkdir4
Category
Maintainability
Occurrences
4
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: mkdir().

WordPress.WP.AlternativeFunctions.file_system_operations_mkdir
WARNINGMaintainabilityNon-prefixed constant3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "_OTL_OLD_SPEC_COMPAT_2".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedConstantFound
ERRORI18nMissing Arg Domain3
Category
I18n
Occurrences
3
Severity
error

Sample message

Missing $domain parameter in function call to __().

WordPress.WP.I18n.MissingArgDomainReference
ERRORI18nText Domain Mismatch3
Category
I18n
Occurrences
3
Severity
error

Sample message

Mismatched text domain. Expected 'pdf-importer-for-wpform' but got "rednaopdfimporter".

WordPress.WP.I18n.TextDomainMismatchReference
WARNINGMaintainabilitytrademarked term3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

The plugin name includes a restricted term. Your chosen plugin name - "PDF Importer for WPForm" - contains the restricted term "wp" which cannot be used at all in your plugin name.

trademarked_term
ERRORSecurityDatabase parameter is not escaped2
Category
Security
Occurrences
2
Severity
error

Sample message

Unescaped parameter $query used in $wpdb->get_results()\n$query assigned unsafely at line 37.

PluginCheck.Security.DirectDB.UnescapedDBParameter

External Connections

Potential connections found in static code analysis.

33 domains

Outbound calls

247

External assets

0

Incoming endpoints

1

Notable Domains

setasign.com52 · outbound
formwiz.rednao.com15 · outbound
fpdf.org8 · outbound
hakim.se5 · outbound
lab.hakim.se5 · outbound
microsoft.com5 · outbound

Platform / Reference Domains

opensource.org48 · platform/reference
github.com38 · platform/reference
gnu.org37 · platform/reference
w3.org4 · platform/reference
wordpress.org1 · platform/reference

External Asset Domains

No external asset domains detected.

Incoming Endpoints

No public endpoints detected.

Admin AJAX endpoints1
wp_ajax_pdf_importer_dont_show_again_noticeauthenticated

wp_ajax

Score History

First score snapshot

v1.3.83

25

Latest

Findings
661
Errors
332
Warnings
329
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

37 nodes

Related

Yoast SEO – Advanced SEO with real-time guidance and built-in AI24 scoreWooCommerce22 scoreContact Form 769 scoreElementor Website Builder – more than just a page builder35 scoreLiteSpeed Cache35 scoreAkismet Anti-spam: Spam Protection35 scoreSite Kit by Google – Analytics, Search Console, AdSense, Speed25 scoreWordfence Security – Firewall, Malware Scan, and Login Security21 scoreWP Mail SMTP by WPForms – The Most Popular SMTP and Email Log Plugin30 scoreJetpack – WP Security, Backup, Speed, & Growth23 scoreWPForms – AI Form Builder for WordPress – Contact Forms, Payment Forms, Survey Form, Quiz & More32 scoreFluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder22 scoreForminator Forms – Contact Form, Payment Form & Custom Form Builder24 scoreNinja Forms – The Contact Form Builder That Grows With You23 score

Related Plugins

Crowdsignal Forms

200k+ active installs

100
Email Marketing for WordPress and WooCommerce – Retainful

500 active installs

100
LeadConnector

20k+ active installs

100
PDF Embed Block – Embed PDF Files in Posts or Pages

3k+ active installs

100
PDF Poster – Display PDF Files with Custom Viewer

20k+ active installs

100
Superb Addons: Blocks, Patterns, Pre-built Pages, Sliders, Popups, Free Forms, Animations & More

80k+ active installs

100