Photo proofing for professional photographers: Send a collection of photographs to your clients for approval.
Category Scores
Issues to Review
Prioritized issue groups from the latest Plugin Check scan
Security
721
8 issue groups
Maintainability
122
13 issue groups
I18n
71
3 issue groups
Performance
5
1 issue group
ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$'.287
- Category
- Security
- Occurrences
- 287
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$'.
ERRORSecurityUnsafe printing functionAll output should be run through an escaping function (like echo esc_html_x() or echo esc_attr_x()), found '_ex'.210
- Category
- Security
- Occurrences
- 210
- Severity
- error
Sample message
All output should be run through an escaping function (like echo esc_html_x() or echo esc_attr_x()), found '_ex'.
WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.59
- Category
- Security
- Occurrences
- 59
- Severity
- warning
Sample message
Processing form data without nonce verification.
WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$Parsedown".56
- Category
- Maintainability
- Occurrences
- 56
- Severity
- warning
Sample message
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$Parsedown".
WARNINGSecurityRequest data is not unslashed$_GET['close'] not unslashed before sanitization. Use wp_unslash() or similar48
- Category
- Security
- Occurrences
- 48
- Severity
- warning
Sample message
$_GET['close'] not unslashed before sanitization. Use wp_unslash() or similar
WARNINGSecurityMissing nonce verificationProcessing form data without nonce verification.45
- Category
- Security
- Occurrences
- 45
- Severity
- warning
Sample message
Processing form data without nonce verification.
WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_FILES['async-upload']['name']41
- Category
- Security
- Occurrences
- 41
- Severity
- warning
Sample message
Detected usage of a non-sanitized input variable: $_FILES['async-upload']['name']
ERRORI18nMissing Translators CommentA function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.37
- Category
- I18n
- Occurrences
- 37
- Severity
- error
Sample message
A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.
ERRORI18nUnordered Placeholders TextMultiple placeholders in translatable strings should be ordered. Expected "%1$s, %2$s", but got "%s, %s" in '%spicu Pro%s is required to send a collection to multiple clients.'.31
- Category
- I18n
- Occurrences
- 31
- Severity
- error
Sample message
Multiple placeholders in translatable strings should be ordered. Expected "%1$s, %2$s", but got "%s, %s" in '%spicu Pro%s is required to send a collection to multiple clients.'.
WARNINGSecurityInput is not validatedDetected usage of a possibly undefined superglobal array index: $_POST['ident']. Check that the array index exists before using it.20
- Category
- Security
- Occurrences
- 20
- Severity
- warning
Sample message
Detected usage of a possibly undefined superglobal array index: $_POST['ident']. Check that the array index exists before using it.
Show 15 moreShow less
WARNINGSecuritywp redirect wp redirect11
- Category
- Security
- Occurrences
- 11
- Severity
- warning
Sample message
wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.
WARNINGMaintainabilityslow db query meta query9
- Category
- Maintainability
- Occurrences
- 9
- Severity
- warning
Sample message
Detected usage of meta_query, possible slow query.
ERRORMaintainabilityNon Enqueued Script9
- Category
- Maintainability
- Occurrences
- 9
- Severity
- error
Sample message
Scripts must be registered/enqueued via wp_enqueue_script()
ERRORMaintainabilityMissing direct file access protection9
- Category
- Maintainability
- Occurrences
- 9
- Severity
- error
Sample message
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
ERRORMaintainabilityrand rand7
- Category
- Maintainability
- Occurrences
- 7
- Severity
- error
Sample message
rand() is discouraged. Use the far less predictable wp_rand() instead.
ERRORMaintainabilityparse url parse url6
- Category
- Maintainability
- Occurrences
- 6
- Severity
- error
Sample message
parse_url() is discouraged because of inconsistency in the output across PHP versions; use wp_parse_url() instead.
WARNINGMaintainabilityNon-prefixed constant5
- Category
- Maintainability
- Occurrences
- 5
- Severity
- warning
Sample message
Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "DONOTCACHEDB".
WARNINGMaintainabilityNon-prefixed function5
- Category
- Maintainability
- Occurrences
- 5
- Severity
- warning
Sample message
Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "disable_rankmath_content_ai_metabox".
WARNINGPerformancePost Not In post not in5
- Category
- Performance
- Occurrences
- 5
- Severity
- warning
Sample message
Using exclusionary parameters, like post__not_in, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information.
WARNINGMaintainabilityNon-prefixed hook name4
- Category
- Maintainability
- Occurrences
- 4
- Severity
- warning
Sample message
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "validate_from_email".
WARNINGMaintainabilityerror log error log4
- Category
- Maintainability
- Occurrences
- 4
- Severity
- warning
Sample message
error_log() found. Debug code should not normally be used in production.
ERRORMaintainabilitydate date3
- Category
- Maintainability
- Occurrences
- 3
- Severity
- error
Sample message
date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.
ERRORI18nMissing Arg Domain3
- Category
- I18n
- Occurrences
- 3
- Severity
- error
Sample message
Missing $domain parameter in function call to __().
ERRORMaintainabilitylibrary core files3
- Category
- Maintainability
- Occurrences
- 3
- Severity
- error
Sample message
Library files that are already in the WordPress core are not permitted.
WARNINGMaintainabilityerror log print r2
- Category
- Maintainability
- Occurrences
- 2
- Severity
- warning
Sample message
print_r() found. Debug code should not normally be used in production.
External Connections
Not analyzed yet.
Score History
First score snapshot
v3.7.0
27
Latest
- Findings
- 935
- Errors
- 613
- Warnings
- 322
- Check
- 2.0.0
| Scan | Score | Findings | Errors | Warnings | Plugin | Check |
|---|---|---|---|---|---|---|
| Latest | 27 | 935 | 613 | 322 | v3.7.0 | 2.0.0 |
Relationship Map
Author, categories, issues, domains, and nearby plugins.
Relationship links
Author
Issue
Related
Author
Issue
Related
Related Plugins
3k+ active installs
4k+ active installs
20k+ active installs
20k+ active installs
4k+ active installs