PopupAlly

PopupAlly allows you to create advanced popup signup forms in under 5 minutes without dealing with messy code.

v2.1.7AccessAllyUpdated 25 days agoAdded 12 years ago2k+ installs82% rating

conversion free popups lightbox popups sign-up form

Score

Errors

Warnings

Change

Category Scores

Security63

Repo94

Performance97

Maintainability81

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

50 findings

Maintainability

5 issue groups

Security

4 issue groups

Performance

1 issue group

Repo Compliance

1 issue group

ERRORMaintainabilityMissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;36

Category: Maintainability
Occurrences: 36
Severity: error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

missing_direct_file_access_protection Reference

WARNINGSecurityInterpolated SQL is not preparedUse placeholders and $wpdb->prepare(); found interpolated variable $filter at "SELECT ID, post_date, post_title, post_parent FROM $wpdb->posts WHERE post_status IN ('publish') AND post_type = '$type' ORDER BY post_title $filter"2

Category: Security
Occurrences: 2
Severity: warning

Sample message

Use placeholders and $wpdb->prepare(); found interpolated variable $filter at "SELECT ID, post_date, post_title, post_parent FROM $wpdb->posts WHERE post_status IN ('publish') AND post_type = '$type' ORDER BY post_title $filter"

WordPress.DB.PreparedSQL.InterpolatedNotPrepared

WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_POST['nonce']2

Category: Security
Occurrences: 2
Severity: warning

Sample message

Detected usage of a non-sanitized input variable: $_POST['nonce']

WordPress.Security.ValidatedSanitizedInput.InputNotSanitized

WARNINGSecurityRequest data is not unslashed$_POST['nonce'] not unslashed before sanitization. Use wp_unslash() or similar2

Category: Security
Occurrences: 2
Severity: warning

Sample message

$_POST['nonce'] not unslashed before sanitization. Use wp_unslash() or similar

WordPress.Security.ValidatedSanitizedInput.MissingUnslash

WARNINGPerformancePost Not In excludeUsing exclusionary parameters, like exclude, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information.2

Category: Performance
Occurrences: 2
Severity: warning

Sample message

Using exclusionary parameters, like exclude, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information.

WordPressVIPMinimum.Performance.WPQueryParams.PostNotIn_exclude

ERRORSecurityDatabase parameter is not escapedUnescaped parameter $type used in $wpdb->get_results()\n$type used without escaping.1

Category: Security
Occurrences: 1
Severity: error

Sample message

Unescaped parameter $type used in $wpdb->get_results()\n$type used without escaping.

PluginCheck.Security.DirectDB.UnescapedDBParameter

WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.1

Category: Maintainability
Occurrences: 1
Severity: warning

Sample message

Use of a direct database call is discouraged.

WordPress.DB.DirectDatabaseQuery.DirectQuery

WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().1

Category: Maintainability
Occurrences: 1
Severity: warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

WordPress.DB.DirectDatabaseQuery.NoCaching

ERRORMaintainabilityparse url parse urlparse_url() is discouraged because of inconsistency in the output across PHP versions; use wp_parse_url() instead.1

Category: Maintainability
Occurrences: 1
Severity: error

Sample message

parse_url() is discouraged because of inconsistency in the output across PHP versions; use wp_parse_url() instead.

WordPress.WP.AlternativeFunctions.parse_url_parse_url

ERRORMaintainabilityrand randrand() is discouraged. Use the far less predictable wp_rand() instead.1

Category: Maintainability
Occurrences: 1
Severity: error

Sample message

rand() is discouraged. Use the far less predictable wp_rand() instead.

WordPress.WP.AlternativeFunctions.rand_rand

Show 1 more

ERRORRepo Complianceplugin header no license1

Category: Repo Compliance
Occurrences: 1
Severity: error

Sample message

Missing "License" in Plugin Header. Please update your Plugin Header with a valid GPLv2 (or later) compatible license.

plugin_header_no_license Reference

Score History

First score snapshot

yesterday

v2.1.7

Latest

Findings: 50
Errors: 40
Warnings: 10
Check: 2.0.0

Scan	Score	Findings	Errors	Warnings	Plugin	Check
yesterdayLatest	75	50	40	10	v2.1.7	2.0.0

Related Plugins

Album Gallery for Flickr

4k+ active installs

100

All In One Lightbox – Display Images, Audio, and Video in Popups

3k+ active installs

100

Lightbox Images for Divi Enhanced

4k+ active installs

100

Superb Addons: Blocks, Patterns, Pre-built Pages, Sliders, Popups, Free Forms, Animations & More

80k+ active installs

100

Video Popup – Video Lightbox for YouTube, Vimeo & MP4

10k+ active installs

100

Advanced Popups

60k+ active installs