Plugin Security Scanner

This plugin alerts you if any of your plugins have security vulnerabilities. It does this by utilising the WPScan Vulnerability Database once a day.

v2.0.2Glen ScottUpdated Added 800 installs98% rating
84
Score
9
Errors
9
Warnings
+0
Change

Category Scores

Security75
Repo94
Performance100
Maintainability92

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

18 findings

Maintainability

9

4 issue groups

Security

5

1 issue group

I18n

3

2 issue groups

Repo Compliance

1

1 issue group

ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$options['api_token']'.5
Category
Security
Occurrences
5
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$options['api_token']'.

WARNINGMaintainabilityNon-prefixed functionFunctions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "get_vulnerable_plugins".3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "get_vulnerable_plugins".

WARNINGMaintainabilitytrademarked termThe plugin name includes a restricted term. Your chosen plugin name - "Plugin Security Scanner" - contains the restricted term "plugin" which cannot be used at all in your plugin name.3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

The plugin name includes a restricted term. Your chosen plugin name - "Plugin Security Scanner" - contains the restricted term "plugin" which cannot be used at all in your plugin name.

WARNINGMaintainabilityNon-prefixed hook nameHook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "pluginsecurityscanner_webhook_message".2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "pluginsecurityscanner_webhook_message".

ERRORI18nMissing Translators CommentA function call to _n() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.2
Category
I18n
Occurrences
2
Severity
error

Sample message

A function call to _n() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

WARNINGMaintainabilityNon-prefixed constantGlobal constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "PSP_GENERAL_ERROR".1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "PSP_GENERAL_ERROR".

ERRORI18nMissing Arg DomainMissing $domain parameter in function call to __().1
Category
I18n
Occurrences
1
Severity
error

Sample message

Missing $domain parameter in function call to __().

ERRORRepo Complianceoutdated tested upto headerTested up to: 5.2 < 7.0. The "Tested up to" value in your plugin is not set to the current version of WordPress. This means your plugin will not show up in searches, as we require plugins to be compatible and documented as tested up to the most recent version of WordPress.1
Category
Repo Compliance
Occurrences
1
Severity
error

Sample message

Tested up to: 5.2 < 7.0. The "Tested up to" value in your plugin is not set to the current version of WordPress. This means your plugin will not show up in searches, as we require plugins to be compatible and documented as tested up to the most recent version of WordPress.

External Connections

Potential connections found in static code analysis.

4 domains

Outbound calls

9

External assets

0

Incoming endpoints

0

Notable Domains

wpvulndb.com6 · outbound
exploitbox.io1 · outbound
glenscott.co.uk1 · outbound
yellowsquare.com1 · outbound

External Asset Domains

No external asset domains detected.

Incoming Endpoints

No public endpoints detected.

Score History

First score snapshot

v2.0.2

84

Latest

Findings
18
Errors
9
Warnings
9
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

33 nodes

Related Plugins

Dam Spam

1k+ active installs

100
Login Security Captcha

10k+ active installs

100
MASS Users Password Reset

600 active installs

100
Protect Login

600 active installs

100
Remove XML-RPC Methods

1k+ active installs

100
Stop XML-RPC Attacks

6k+ active installs

100