Lightweight, user-friendly and customizable cookie consent banner to help you comply with the EU GDPR cookie law and CCPA regulations.
Category Scores
Top Issues by Category
security190
maintainability93
Issues Details
298 issues found in latest scan
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"$name not found on class"'.
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$alignment".
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"--cc-font-family: {$font_family};\n"'.
Detected usage of a non-sanitized input variable: $_SERVER['HTTP_COOKIE']
$_SERVER['HTTP_COOKIE'] not unslashed before sanitization. Use wp_unslash() or similar
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen().
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
Using cURL functions is highly discouraged. Use wp_remote_get() instead.
Unescaped parameter $table_name used in $wpdb->get_results()\n$table_name assigned unsafely at line 234.
Use placeholders and $wpdb->prepare(); found interpolated variable {$table_name} at "SELECT * FROM {$table_name} ORDER BY created_at DESC LIMIT %d OFFSET %d"
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
trigger_error() found. Debug code should not normally be used in production.
parse_url() is discouraged because of inconsistency in the output across PHP versions; use wp_parse_url() instead.
var_export() found. Debug code should not normally be used in production.
Processing form data without nonce verification.
Using cURL functions is highly discouraged. Use wp_remote_get() instead.
Using cURL functions is highly discouraged. Use wp_remote_get() instead.
Using cURL functions is highly discouraged. Use wp_remote_get() instead.
Using cURL functions is highly discouraged. Use wp_remote_get() instead.
set_error_handler() found. Debug code should not normally be used in production.
Processing form data without nonce verification.
Detected usage of a possibly undefined superglobal array index: $_SERVER['HTTP_HOST']. Check that the array index exists before using it.
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fwrite().
| Code | Type | Message | Count |
|---|---|---|---|
| WordPress.Security.EscapeOutput.ExceptionNotEscaped | ERROR | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"$name not found on class"'. | 134 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound | WARNING | Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$alignment". | 30 |
| WordPress.Security.EscapeOutput.OutputNotEscaped | ERROR | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"--cc-font-family: {$font_family};\n"'. | 17 |
| WordPress.Security.ValidatedSanitizedInput.InputNotSanitized | WARNING | Detected usage of a non-sanitized input variable: $_SERVER['HTTP_COOKIE'] | 11 |
| WordPress.Security.ValidatedSanitizedInput.MissingUnslash | WARNING | $_SERVER['HTTP_COOKIE'] not unslashed before sanitization. Use wp_unslash() or similar | 11 |
| WordPress.DB.DirectDatabaseQuery.DirectQuery | WARNING | Use of a direct database call is discouraged. | 8 |
| WordPress.WP.AlternativeFunctions.file_system_operations_fopen | ERROR | File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen(). | 8 |
| WordPress.DB.DirectDatabaseQuery.NoCaching | WARNING | Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete(). | 7 |
| WordPress.WP.AlternativeFunctions.curl_curl_setopt | ERROR | Using cURL functions is highly discouraged. Use wp_remote_get() instead. | 6 |
| PluginCheck.Security.DirectDB.UnescapedDBParameter | WARNING | Unescaped parameter $table_name used in $wpdb->get_results()\n$table_name assigned unsafely at line 234. | 5 |
| WordPress.DB.PreparedSQL.InterpolatedNotPrepared | WARNING | Use placeholders and $wpdb->prepare(); found interpolated variable {$table_name} at "SELECT * FROM {$table_name} ORDER BY created_at DESC LIMIT %d OFFSET %d" | 5 |
| missing_direct_file_access_protection | ERROR | PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit; | 5 |
| WordPress.PHP.DevelopmentFunctions.error_log_trigger_error | WARNING | trigger_error() found. Debug code should not normally be used in production. | 4 |
| WordPress.WP.AlternativeFunctions.parse_url_parse_url | ERROR | parse_url() is discouraged because of inconsistency in the output across PHP versions; use wp_parse_url() instead. | 4 |
| WordPress.PHP.DevelopmentFunctions.error_log_var_export | WARNING | var_export() found. Debug code should not normally be used in production. | 3 |
| WordPress.Security.NonceVerification.Recommended | WARNING | Processing form data without nonce verification. | 3 |
| WordPress.WP.AlternativeFunctions.curl_curl_close | ERROR | Using cURL functions is highly discouraged. Use wp_remote_get() instead. | 3 |
| WordPress.WP.AlternativeFunctions.curl_curl_exec | ERROR | Using cURL functions is highly discouraged. Use wp_remote_get() instead. | 3 |
| WordPress.WP.AlternativeFunctions.curl_curl_getinfo | ERROR | Using cURL functions is highly discouraged. Use wp_remote_get() instead. | 3 |
| WordPress.WP.AlternativeFunctions.curl_curl_init | ERROR | Using cURL functions is highly discouraged. Use wp_remote_get() instead. | 3 |
| WordPress.PHP.DevelopmentFunctions.error_log_set_error_handler | WARNING | set_error_handler() found. Debug code should not normally be used in production. | 2 |
| WordPress.Security.NonceVerification.Missing | WARNING | Processing form data without nonce verification. | 2 |
| WordPress.Security.ValidatedSanitizedInput.InputNotValidated | WARNING | Detected usage of a possibly undefined superglobal array index: $_SERVER['HTTP_HOST']. Check that the array index exists before using it. | 2 |
| WordPress.WP.AlternativeFunctions.file_system_operations_fclose | ERROR | File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose(). | 2 |
| WordPress.WP.AlternativeFunctions.file_system_operations_fwrite | ERROR | File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fwrite(). | 2 |
Latest Snapshot
Findings
298
Errors
203
Warnings
95
Score History
First score snapshot
First scan completed Jun 20, 2026
v1.9.1 · Plugin Check 2.0.0 · Model 2026.06-mvp-static-v2
Jun 20, 2026
v1.9.1
26
Latest
- Findings
- 298
- Errors
- 203
- Warnings
- 95
- Plugin Check
- 2.0.0
- Model
- 2026.06-mvp-static-v2
| Scan | Score | Findings | Errors | Warnings | Plugin | Plugin Check | Model |
|---|---|---|---|---|---|---|---|
| Jun 20, 2026Latest | 26 | 298 | 203 | 95 | v1.9.1 | 2.0.0 | 2026.06-mvp-static-v2 |
