PluginScore

Quill Forms | Conversational Multi Step Forms, Surveys & quizzes

Quill Forms - Conversational WordPress Form Builder

v5.6.1Mohamed MagdyUpdated Added 3k+ installs96% rating0% support resolved
conversationalformsquillsurveytypeform
20
Score
401
Errors
368
Warnings
+0
Change

Category Scores

Security0
Repo64
Performance100
Maintainability0

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

769 findings

Maintainability

323

15 issue groups

I18n

217

1 issue group

Security

201

8 issue groups

Supply Chain

6

1 issue group

ERRORI18nText Domain MismatchMismatched text domain. Expected 'quillforms' but got 'action-scheduler'.217
Category
I18n
Occurrences
217
Severity
error

Sample message

Mismatched text domain. Expected 'quillforms' but got 'action-scheduler'.

WordPress.WP.I18n.TextDomainMismatchReference
ERRORSecurityException output is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"The bulk action $action does not have a callback method"'.115
Category
Security
Occurrences
115
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"The bulk action $action does not have a callback method"'.

WordPress.Security.EscapeOutput.ExceptionNotEscapedReference
WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.99
Category
Maintainability
Occurrences
99
Severity
warning

Sample message

Use of a direct database call is discouraged.

WordPress.DB.DirectDatabaseQuery.DirectQuery
WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().86
Category
Maintainability
Occurrences
86
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

WordPress.DB.DirectDatabaseQuery.NoCaching
WARNINGSecurityDatabase parameter is not escapedUnescaped parameter $additional used in $wpdb->get_results()\n$additional assigned unsafely at line 602.28
Category
Security
Occurrences
28
Severity
warning

Sample message

Unescaped parameter $additional used in $wpdb->get_results()\n$additional assigned unsafely at line 602.

PluginCheck.Security.DirectDB.UnescapedDBParameter
ERRORMaintainabilityMissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;24
Category
Maintainability
Occurrences
24
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

missing_direct_file_access_protectionReference
WARNINGMaintainabilityNon-prefixed classClasses declared by a theme/plugin should start with the theme/plugin prefix. Found: "BatchFetcher_Test".19
Category
Maintainability
Occurrences
19
Severity
warning

Sample message

Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "BatchFetcher_Test".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedClassFound
WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$api_key".18
Category
Maintainability
Occurrences
18
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$api_key".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound
WARNINGSecurityRequest data is not unslashed$_GET['addon'] not unslashed before sanitization. Use wp_unslash() or similar18
Category
Security
Occurrences
18
Severity
warning

Sample message

$_GET['addon'] not unslashed before sanitization. Use wp_unslash() or similar

WordPress.Security.ValidatedSanitizedInput.MissingUnslash
ERRORMaintainabilityblock api version too lowEditor blocks must define "apiVersion" 3 or higher in block.json for WordPress 7.0+ iframe editor compatibility.15
Category
Maintainability
Occurrences
15
Severity
error

Sample message

Editor blocks must define "apiVersion" 3 or higher in block.json for WordPress 7.0+ iframe editor compatibility.

block_api_version_too_lowReference
Show 15 more
WARNINGMaintainabilityNon-prefixed function13
Category
Maintainability
Occurrences
13
Severity
warning

Sample message

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "as_enqueue_async_action".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedFunctionFound
WARNINGSecurityInput is not sanitized12
Category
Security
Occurrences
12
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_GET['addon']

WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
WARNINGMaintainabilityNon-prefixed hook name10
Category
Maintainability
Occurrences
10
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "active_plugins".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound
WARNINGSecurityMissing nonce verification10
Category
Security
Occurrences
10
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Missing
ERRORMaintainabilitywp function not compatible with requires wp10
Category
Maintainability
Occurrences
10
Severity
error

Sample message

Function "rest_filter_response_by_context()" requires WordPress 5.5.0, but your plugin minimum supported version is WordPress 5.4.0.

wp_function_not_compatible_with_requires_wpReference
WARNINGMaintainabilityDiscouraged PHP function8
Category
Maintainability
Occurrences
8
Severity
warning

Sample message

The use of function ini_set() is discouraged

Squiz.PHP.DiscouragedFunctions.Discouraged
WARNINGSecurityInput is not validated8
Category
Security
Occurrences
8
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_GET['addon']. Check that the array index exists before using it.

WordPress.Security.ValidatedSanitizedInput.InputNotValidated
WARNINGSecurityInterpolated SQL is not prepared6
Category
Security
Occurrences
6
Severity
warning

Sample message

Use placeholders and $wpdb->prepare(); found interpolated variable $entries_table at "SHOW TABLES LIKE '$entries_table'"

WordPress.DB.PreparedSQL.InterpolatedNotPrepared
WARNINGMaintainabilityNon-prefixed constant6
Category
Maintainability
Occurrences
6
Severity
warning

Sample message

Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "DONOTCACHCEOBJECT".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedConstantFound
ERRORSupply ChainHidden files included6
Category
Supply Chain
Occurrences
6
Severity
error

Sample message

Hidden files are not permitted.

hidden_files
WARNINGMaintainabilitySchema Change4
Category
Maintainability
Occurrences
4
Severity
warning

Sample message

Attempting a database schema change is discouraged.

WordPress.DB.DirectDatabaseQuery.SchemaChange
WARNINGMaintainabilityDynamic hook name4
Category
Maintainability
Occurrences
4
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "$hook".

WordPress.NamingConventions.PrefixAllGlobals.DynamicHooknameFound
WARNINGSecurityNonce verification recommended4
Category
Security
Occurrences
4
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Recommended
ERRORMaintainabilityNon Enqueued Stylesheet4
Category
Maintainability
Occurrences
4
Severity
error

Sample message

Stylesheets must be registered/enqueued via wp_enqueue_style()

WordPress.WP.EnqueuedResources.NonEnqueuedStylesheet
WARNINGMaintainabilityslow db query meta key3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

Detected usage of meta_key, possible slow query.

WordPress.DB.SlowDBQuery.slow_db_query_meta_key

External Connections

Not analyzed yet.

Score History

First score snapshot

v5.6.1

20

Latest

Findings
769
Errors
401
Warnings
368
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

29 nodes

Related

Yoast SEO – Advanced SEO with real-time guidance and built-in AI24 scoreSite Kit by Google – Analytics, Search Console, AdSense, Speed25 scoreWordfence Security – Firewall, Malware Scan, and Login Security21 scoreJetpack – WP Security, Backup, Speed, & Growth23 scoreLiteSpeed Cache35 scoreWooCommerce22 scoreWP Mail SMTP by WPForms – The Most Popular SMTP and Email Log Plugin36 scoreReally Simple Security – Simple and Performant Security (formerly Really Simple SSL)19 scoreWPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More31 scoreFluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder22 scoreForminator Forms – Contact Form, Payment Form & Custom Form Builder24 scoreNinja Forms – The Contact Form Builder That Grows With You23 scoreSureForms – Drag & Drop Contact Form & Form Builder, Payment Form, Survey, Quiz & Calculator24 scoreCMB236 score

Related Plugins

Crowdsignal Forms

200k+ active installs

100
LeadConnector

20k+ active installs

100
Superb Addons: Blocks, Patterns, Pre-built Pages, Sliders, Popups, Free Forms, Animations & More

80k+ active installs

100
WS Form LITE – Drag & Drop Contact Form Builder

10k+ active installs

100
Online Forms — Customizable Payment, Contact, Quiz, Survey Form Builder – Jotform

20k+ active installs

99
GravityWP – Count

2k+ active installs

98