Post Timeline

Create stunning and interactive timelines for your WordPress posts with ease. Post Timeline is the ultimate plugin for displaying your WordPress conte …

v2.4.3 · Agile Logix · 800 installs · 84% rating

Score: 29
Errors: 91
Warnings: 200
Change: +0

Category Scores

Security: 0
Repo: 79
Performance: 97
Maintainability: 39

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

291 findings

Security: 146 findings in 8 issue groups
Maintainability: 116 findings in 15 issue groups
I18n: 14 findings in 2 issue groups

Missing nonce verification
Category: Security
Occurrences: 46
Severity: warning
Sample message: Processing form data without nonce verification.

Non-prefixed global variable
Category: Maintainability
Occurrences: 43
Severity: warning
Sample message: Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$animKey".

Output is not escaped
Category: Security
Occurrences: 42
Severity: error
Sample message: All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$css'.

Nonce verification recommended
Category: Security
Occurrences: 37
Severity: warning
Sample message: Processing form data without nonce verification.

Direct Query
Category: Maintainability
Occurrences: 14
Severity: warning
Sample message: Use of a direct database call is discouraged.

No Caching
Category: Maintainability
Occurrences: 14
Severity: warning
Sample message: Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

slow db query tax query
Category: Maintainability
Occurrences: 10
Severity: warning
Sample message: Detected usage of tax_query, possible slow query.

Missing direct file access protection
Category: Maintainability
Occurrences: 9
Severity: error
Sample message: PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

Missing Arg Domain
Category: I18n
Occurrences: 8
Severity: error
Sample message: Missing $domain parameter in function call to __().

Database parameter is not escaped
Category: Security
Occurrences: 7
Severity: error
Sample message: Unescaped parameter $prefix used in $wpdb->query()\n$prefix assigned unsafely at line 38.

Interpolated SQL is not prepared
Category: Security
Occurrences: 7
Severity: warning
Sample message: Use placeholders and $wpdb->prepare(); found interpolated variable {$prefix} at "UPDATE `{$prefix}postmeta` SET `meta_value` = REPLACE(`meta_value`, '/', '-') WHERE meta_key = 'ptl-post-date'"

Text Domain Mismatch
Category: I18n
Occurrences: 6
Severity: error
Sample message: Mismatched text domain. Expected 'post-timeline' but got 'asl_wc'.

Non-prefixed hook name
Category: Maintainability
Occurrences: 5
Severity: warning
Sample message: Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "ot_google_fonts_cache_key".

slow db query meta query
Category: Maintainability
Occurrences: 4
Severity: warning
Sample message: Detected usage of meta_query, possible slow query.

SQL query is not prepared
Category: Security
Occurrences: 3
Severity: error
Sample message: Use placeholders and $wpdb->prepare(); found $query

wp function not compatible with requires wp
Category: Maintainability
Occurrences: 3
Severity: error
Sample message: Function "wp_enqueue_code_editor()" requires WordPress 4.9.0, but your plugin minimum supported version is WordPress 4.8.0.

Offloaded Content
Category: Maintainability
Occurrences: 2
Severity: error
Sample message: Found call to wp_enqueue_style() with external resource. Offloading styles to your servers or any remote service is disallowed.

slow db query meta key
Category: Maintainability
Occurrences: 2
Severity: warning
Sample message: Detected usage of meta_key, possible slow query.

date date
Category: Maintainability
Occurrences: 2
Severity: error
Sample message: date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.

Non-prefixed function
Category: Maintainability
Occurrences: 2
Severity: warning
Sample message: Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "ptl_blocks_starter_block_categories".

prevent path disclosure error reporting
Category: Maintainability
Occurrences: 2
Severity: warning
Sample message: error_reporting() can lead to full path disclosure.

Input is not sanitized
Category: Security
Occurrences: 2
Severity: warning
Sample message: Detected usage of a non-sanitized input variable: $_POST['ptl-social-rep']

Request data is not unslashed
Category: Security
Occurrences: 2
Severity: warning
Sample message: $_POST['ptl-social-rep'] not unslashed before sanitization. Use wp_unslash() or similar

strip tags strip tags
Category: Maintainability
Occurrences: 2
Severity: error
Sample message: strip_tags() is discouraged. Use the more comprehensive wp_strip_all_tags() instead.

Not In Footer
Category: Maintainability
Occurrences: 2
Severity: warning
Sample message: In footer ($in_footer) is not set explicitly wp_enqueue_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header.

External Connections

Potential connections found in static code analysis.

85 domains

Outbound calls: 246
External assets: 4
Incoming endpoints: 12

Notable Domains

posttimeline.com · 10 · outbound
promisesaplus.com · 7 · outbound
bugs.chromium.org · 4 · outbound
bugs.webkit.org · 3 · outbound
getbootstrap.com · 3 · outbound

Platform / Reference Domains

w3.org · 92 · platform/reference
github.com · 24 · platform/reference
opensource.org · 3 · platform/reference
dev.w3.org · 2 · platform/reference
gnu.org · 1 · platform/reference
wordpress.org · 1 · platform/reference

External Asset Domains

fonts.googleapis.com · 4 · asset + outbound
cdnjs.cloudflare.com · 3 · asset + outbound

Incoming Endpoints

wp_ajax_nopriv_ajax_post_timeline_deactivate_feedback · public · wp_ajax
wp_ajax_nopriv_ptl_load_posts · public · wp_ajax
wp_ajax_nopriv_ptl_popup_gallery · public · wp_ajax
wp_ajax_nopriv_ptl_save_post_like · public · wp_ajax
wp_ajax_nopriv_timeline_ajax_load_posts · public · wp_ajax

Admin AJAX endpoints: 7

wp_ajax_ajax_post_timeline_deactivate_feedback · authenticated · wp_ajax
wp_ajax_ptl_ajax_handler · authenticated · wp_ajax
wp_ajax_ptl_load_posts · authenticated · wp_ajax
wp_ajax_ptl_popup_gallery · authenticated · wp_ajax
wp_ajax_ptl_save_post_like · authenticated · wp_ajax
wp_ajax_render_template · authenticated · wp_ajax
wp_ajax_timeline_ajax_load_posts · authenticated · wp_ajax

Score History

First score snapshot

v2.4.3 · Score: 29 · Latest

Findings: 291
Errors: 91
Warnings: 200
Check: 2.0.0
