Custom user profiles plugin ❤ with paid memberships, groups, communities, content restriction, user registration, messaging, WooCommerce memberships, …
Category Scores
Issues to Review
Prioritized issue groups from the latest Plugin Check scan
Maintainability
2,650
12 issue groups
Security
200
9 issue groups
I18n
38
3 issue groups
Performance
6
1 issue group
WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$account_error".2,013
- Category
- Maintainability
- Occurrences
- 2,013
- Severity
- warning
Sample message
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$account_error".
ERRORMaintainabilitywp function not compatible with requires wpFunction "get_avatar_url()" requires WordPress 4.2.0, but your plugin minimum supported version is WordPress 3.5.0.234
- Category
- Maintainability
- Occurrences
- 234
- Severity
- error
Sample message
Function "get_avatar_url()" requires WordPress 4.2.0, but your plugin minimum supported version is WordPress 3.5.0.
WARNINGMaintainabilityNon-prefixed hook nameHook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "'activate_' . $plugin".163
- Category
- Maintainability
- Occurrences
- 163
- Severity
- warning
Sample message
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "'activate_' . $plugin".
ERRORMaintainabilityMissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;124
- Category
- Maintainability
- Occurrences
- 124
- Severity
- error
Sample message
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
WARNINGSecurityInterpolated SQL is not preparedUse placeholders and $wpdb->prepare(); found interpolated variable $table at "SHOW COLUMNS FROM `$table` LIKE %s"35
- Category
- Security
- Occurrences
- 35
- Severity
- warning
Sample message
Use placeholders and $wpdb->prepare(); found interpolated variable $table at "SHOW COLUMNS FROM `$table` LIKE %s"
WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.35
- Category
- Security
- Occurrences
- 35
- Severity
- warning
Sample message
Processing form data without nonce verification.
WARNINGSecurityMissing nonce verificationProcessing form data without nonce verification.32
- Category
- Security
- Occurrences
- 32
- Severity
- warning
Sample message
Processing form data without nonce verification.
WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.30
- Category
- Maintainability
- Occurrences
- 30
- Severity
- warning
Sample message
Use of a direct database call is discouraged.
WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().28
- Category
- Maintainability
- Occurrences
- 28
- Severity
- warning
Sample message
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$char_limit'.26
- Category
- Security
- Occurrences
- 26
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$char_limit'.
Show 15 moreShow less
ERRORI18nMissing Translators Comment26
- Category
- I18n
- Occurrences
- 26
- Severity
- error
Sample message
A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.
WARNINGMaintainabilityupgrade notice limit25
- Category
- Maintainability
- Occurrences
- 25
- Severity
- warning
Sample message
The upgrade notice for "2.6.0" exceeds the limit of 300 characters.
WARNINGSecurityInput is not sanitized20
- Category
- Security
- Occurrences
- 20
- Severity
- warning
Sample message
Detected usage of a non-sanitized input variable: $_FILES['blog_image']
ERRORSecuritySQL query is not prepared19
- Category
- Security
- Occurrences
- 19
- Severity
- error
Sample message
Use placeholders and $wpdb->prepare(); found $data_sql
WARNINGSecurityRequest data is not unslashed15
- Category
- Security
- Occurrences
- 15
- Severity
- warning
Sample message
$_GET['pg_interval'] not unslashed before sanitization. Use wp_unslash() or similar
WARNINGMaintainabilityNon-prefixed class11
- Category
- Maintainability
- Occurrences
- 11
- Severity
- warning
Sample message
Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "PM_Custom_Fields".
WARNINGSecurityInput is not validated11
- Category
- Security
- Occurrences
- 11
- Severity
- warning
Sample message
Detected usage of a possibly undefined superglobal array index: $_FILES['coverimg']. Check that the array index exists before using it.
ERRORSecurityDatabase parameter is not escaped7
- Category
- Security
- Occurrences
- 7
- Severity
- error
Sample message
Unescaped parameter $prepared_data_sql used in $wpdb->get_results()\n$prepared_data_sql assigned unsafely at line 3046.
ERRORI18nMissing Arg Domain7
- Category
- I18n
- Occurrences
- 7
- Severity
- error
Sample message
Missing $domain parameter in function call to __().
WARNINGMaintainabilityNon-prefixed constant6
- Category
- Maintainability
- Occurrences
- 6
- Severity
- warning
Sample message
Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "PM_LOG_FILE".
ERRORMaintainabilityfile system operations fputs6
- Category
- Maintainability
- Occurrences
- 6
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fputs().
WARNINGPerformancePost Not In exclude6
- Category
- Performance
- Occurrences
- 6
- Severity
- warning
Sample message
Using exclusionary parameters, like exclude, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information.
WARNINGMaintainabilityslow db query meta key5
- Category
- Maintainability
- Occurrences
- 5
- Severity
- warning
Sample message
Detected usage of meta_key, possible slow query.
WARNINGMaintainabilityslow db query meta query5
- Category
- Maintainability
- Occurrences
- 5
- Severity
- warning
Sample message
Detected usage of meta_query, possible slow query.
ERRORI18nNon Singular String Literal Text5
- Category
- I18n
- Occurrences
- 5
- Severity
- error
Sample message
The $text parameter must be a single text string literal. Found: $tab['title']
External Connections
Not analyzed yet.
Score History
First score snapshot
v5.9.9.6
24
Latest
- Findings
- 2,936
- Errors
- 473
- Warnings
- 2,463
- Check
- 2.0.0
| Scan | Score | Findings | Errors | Warnings | Plugin | Check |
|---|---|---|---|---|---|---|
| Latest | 24 | 2,936 | 473 | 2,463 | v5.9.9.6 | 2.0.0 |
Relationship Map
Author, categories, issues, domains, and nearby plugins.
Relationship links
Author
Category
Issue
Related
Author
Category
Issue
Related
Related Plugins
1k+ active installs
20k+ active installs
900 active installs
600 active installs
1k+ active installs