Stop silent site breakages. The ultimate in-admin server audit & per-user troubleshooting tool built for agencies and professional developers.
Category Scores
Issues to Review
Prioritized issue groups from the latest Plugin Check scan
Maintainability
656
14 issue groups
Security
306
10 issue groups
I18n
6
1 issue group
WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$_".564
- Category
- Maintainability
- Occurrences
- 564
- Severity
- warning
Sample message
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$_".
ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$a_color'.199
- Category
- Security
- Occurrences
- 199
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$a_color'.
WARNINGSecurityRequest data is not unslashed$_COOKIE[self::COOKIE] not unslashed before sanitization. Use wp_unslash() or similar42
- Category
- Security
- Occurrences
- 42
- Severity
- warning
Sample message
$_COOKIE[self::COOKIE] not unslashed before sanitization. Use wp_unslash() or similar
WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_COOKIE[self::COOKIE]26
- Category
- Security
- Occurrences
- 26
- Severity
- warning
Sample message
Detected usage of a non-sanitized input variable: $_COOKIE[self::COOKIE]
WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.22
- Category
- Maintainability
- Occurrences
- 22
- Severity
- warning
Sample message
Use of a direct database call is discouraged.
WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().21
- Category
- Maintainability
- Occurrences
- 21
- Severity
- warning
Sample message
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
ERRORSecuritySQL query is not preparedUse placeholders and $wpdb->prepare(); found $query13
- Category
- Security
- Occurrences
- 13
- Severity
- error
Sample message
Use placeholders and $wpdb->prepare(); found $query
WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.13
- Category
- Security
- Occurrences
- 13
- Severity
- warning
Sample message
Processing form data without nonce verification.
ERRORMaintainabilityPlugin Directory WritePlugin folders are deleted when upgraded. Do not save data to the plugin folder using file_put_contents(). Detected usage of constant WP_CONTENT_DIR. Use wp_upload_dir() to get the uploads directory path or save to the database instead.11
- Category
- Maintainability
- Occurrences
- 11
- Severity
- error
Sample message
Plugin folders are deleted when upgraded. Do not save data to the plugin folder using file_put_contents(). Detected usage of constant WP_CONTENT_DIR. Use wp_upload_dir() to get the uploads directory path or save to the database instead.
ERRORMaintainabilitywp function not compatible with requires wpFunction "wp_ai_client_prompt()" requires WordPress 7.0.0, but your plugin minimum supported version is WordPress 5.9.0.8
- Category
- Maintainability
- Occurrences
- 8
- Severity
- error
Sample message
Function "wp_ai_client_prompt()" requires WordPress 7.0.0, but your plugin minimum supported version is WordPress 5.9.0.
Show 15 moreShow less
ERRORSecurityDatabase parameter is not escaped6
- Category
- Security
- Occurrences
- 6
- Severity
- error
Sample message
Unescaped parameter table() . " ORDER BY created_at DESC LIMIT %d" used in $wpdb->get_results()
ERRORMaintainabilityfile system operations is writable6
- Category
- Maintainability
- Occurrences
- 6
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: is_writable().
ERRORI18nMissing Arg Domain6
- Category
- I18n
- Occurrences
- 6
- Severity
- error
Sample message
Missing $domain parameter in function call to __().
ERRORMaintainabilityunlink unlink5
- Category
- Maintainability
- Occurrences
- 5
- Severity
- error
Sample message
unlink() is discouraged. Use wp_delete_file() to delete a file.
ERRORMaintainabilityparse url parse url4
- Category
- Maintainability
- Occurrences
- 4
- Severity
- error
Sample message
parse_url() is discouraged because of inconsistency in the output across PHP versions; use wp_parse_url() instead.
ERRORMaintainabilitydate date3
- Category
- Maintainability
- Occurrences
- 3
- Severity
- error
Sample message
date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.
ERRORMaintainabilityfile system operations fclose3
- Category
- Maintainability
- Occurrences
- 3
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().
WARNINGMaintainabilitytrademarked term3
- Category
- Maintainability
- Occurrences
- 3
- Severity
- warning
Sample message
The plugin name includes a restricted term. Your chosen plugin name - "phpinfo() WP — Site Health, PHP Compatibility & Server Audit" - contains the restricted term "wp" which cannot be used at all in your plugin name.
WARNINGMaintainabilityDiscouraged PHP function2
- Category
- Maintainability
- Occurrences
- 2
- Severity
- warning
Sample message
The use of function set_time_limit() is discouraged
WARNINGSecurityInterpolated SQL is not prepared2
- Category
- Security
- Occurrences
- 2
- Severity
- warning
Sample message
Use placeholders and $wpdb->prepare(); found interpolated variable $placeholders at " WHERE id IN ($placeholders)"
ERRORSecurityLike Wildcards In Query2
- Category
- Security
- Occurrences
- 2
- Severity
- error
Sample message
SQL wildcards for a LIKE query should be passed in through a replacement parameter. Found: LIKE '_transient_timeout_%'.
WARNINGSecurityInput is not validated2
- Category
- Security
- Occurrences
- 2
- Severity
- warning
Sample message
Detected usage of a possibly undefined superglobal array index: $_SERVER['REQUEST_METHOD']. Check that the array index exists before using it.
ERRORMaintainabilityfile system operations fopen2
- Category
- Maintainability
- Occurrences
- 2
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen().
ERRORMaintainabilityfile system operations fread2
- Category
- Maintainability
- Occurrences
- 2
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fread().
WARNINGSecurityDatabase parameter is not escaped1
- Category
- Security
- Occurrences
- 1
- Severity
- warning
Sample message
Unescaped parameter $table used in $wpdb->query()\n$table assigned unsafely at line 38.
External Connections
Not analyzed yet.
Score History
First score snapshot
v7.2.3
25
Latest
- Findings
- 980
- Errors
- 276
- Warnings
- 704
- Check
- 2.0.0
| Scan | Score | Findings | Errors | Warnings | Plugin | Check |
|---|---|---|---|---|---|---|
| Latest | 25 | 980 | 276 | 704 | v7.2.3 | 2.0.0 |
Relationship Map
Author, categories, issues, domains, and nearby plugins.
Relationship links
Author
Category
Issue
Related
Author
Category
Issue
Related
Related Plugins
100k+ active installs
10k+ active installs
3k+ active installs
2k+ active installs
10k+ active installs