WordPress multi-level security scanner detecting malware, 0-day threats, brute-force attacks, bot attacks, and unauthorized admin changes.
Category Scores
Issues to Review
Prioritized issue groups from the latest Plugin Check scan
Maintainability
486
17 issue groups
Security
244
7 issue groups
I18n
20
1 issue group
WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$a".129
- Category
- Maintainability
- Occurrences
- 129
- Severity
- warning
Sample message
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$a".
ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"$argv[1] is not a file or dir\n"'.108
- Category
- Security
- Occurrences
- 108
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"$argv[1] is not a file or dir\n"'.
ERRORMaintainabilitywp function not compatible with requires wpFunction "sanitize_textarea_field()" requires WordPress 4.7.0, but your plugin minimum supported version is WordPress 3.3.2.59
- Category
- Maintainability
- Occurrences
- 59
- Severity
- error
Sample message
Function "sanitize_textarea_field()" requires WordPress 4.7.0, but your plugin minimum supported version is WordPress 3.3.2.
WARNINGMaintainabilityNon-prefixed functionFunctions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "clean_db_scan_hook".42
- Category
- Maintainability
- Occurrences
- 42
- Severity
- warning
Sample message
Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "clean_db_scan_hook".
WARNINGSecurityMissing nonce verificationProcessing form data without nonce verification.40
- Category
- Security
- Occurrences
- 40
- Severity
- warning
Sample message
Processing form data without nonce verification.
WARNINGSecurityRequest data is not unslashed$_GET['page'] not unslashed before sanitization. Use wp_unslash() or similar37
- Category
- Security
- Occurrences
- 37
- Severity
- warning
Sample message
$_GET['page'] not unslashed before sanitization. Use wp_unslash() or similar
WARNINGMaintainabilityNon-prefixed classClasses declared by a theme/plugin should start with the theme/plugin prefix. Found: "CQtrAdminUsersMonitor".35
- Category
- Maintainability
- Occurrences
- 35
- Severity
- warning
Sample message
Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "CQtrAdminUsersMonitor".
ERRORMaintainabilityMissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;32
- Category
- Maintainability
- Occurrences
- 32
- Severity
- error
Sample message
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.30
- Category
- Maintainability
- Occurrences
- 30
- Severity
- warning
Sample message
Use of a direct database call is discouraged.
WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().29
- Category
- Maintainability
- Occurrences
- 29
- Severity
- warning
Sample message
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
Show 15 moreShow less
WARNINGMaintainabilityNon-prefixed constant24
- Category
- Maintainability
- Occurrences
- 24
- Severity
- warning
Sample message
Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "ALARM_BODY_PREVIEW_LENGTH".
WARNINGSecurityInput is not sanitized23
- Category
- Security
- Occurrences
- 23
- Severity
- warning
Sample message
Detected usage of a non-sanitized input variable: $_GET['page']
ERRORI18nMissing Arg Domain20
- Category
- I18n
- Occurrences
- 20
- Severity
- error
Sample message
Missing $domain parameter in function call to __().
WARNINGSecurityInterpolated SQL is not prepared17
- Category
- Security
- Occurrences
- 17
- Severity
- warning
Sample message
Use placeholders and $wpdb->prepare(); found interpolated variable {$alarms_table} at "DROP TABLE IF EXISTS `{$alarms_table}`"
ERRORMaintainabilitydate date17
- Category
- Maintainability
- Occurrences
- 17
- Severity
- error
Sample message
date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.
ERRORMaintainabilityfile system operations fclose17
- Category
- Maintainability
- Occurrences
- 17
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().
WARNINGMaintainabilityDiscouraged PHP function16
- Category
- Maintainability
- Occurrences
- 16
- Severity
- warning
Sample message
The use of function ini_set() is discouraged
ERRORMaintainabilityNon Enqueued Script16
- Category
- Maintainability
- Occurrences
- 16
- Severity
- error
Sample message
Scripts must be registered/enqueued via wp_enqueue_script()
WARNINGSecurityNonce verification recommended14
- Category
- Security
- Occurrences
- 14
- Severity
- warning
Sample message
Processing form data without nonce verification.
ERRORMaintainabilityfile system operations fopen14
- Category
- Maintainability
- Occurrences
- 14
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen().
WARNINGMaintainabilityNon-prefixed hook name8
- Category
- Maintainability
- Occurrences
- 8
- Severity
- warning
Sample message
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "qtr_bf_allowlist_cidrs".
ERRORMaintainabilitycurl curl setopt6
- Category
- Maintainability
- Occurrences
- 6
- Severity
- error
Sample message
Using cURL functions is highly discouraged. Use wp_remote_get() instead.
ERRORMaintainabilityfile system operations fread6
- Category
- Maintainability
- Occurrences
- 6
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fread().
ERRORMaintainabilityfile system operations fwrite6
- Category
- Maintainability
- Occurrences
- 6
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fwrite().
WARNINGSecurityDatabase parameter is not escaped5
- Category
- Security
- Occurrences
- 5
- Severity
- warning
Sample message
Unescaped parameter $alarms_table used in $wpdb->query()\n$alarms_table assigned unsafely at line 638.
Score History
2 score snapshots
v4.1.0.15
25
Latest
- Findings
- 805
- Errors
- 334
- Warnings
- 471
- Check
- 2.0.0
v4.1.0.14
25
Score
- Findings
- 805
- Errors
- 334
- Warnings
- 471
- Check
- 2.0.0
| Scan | Score | Findings | Errors | Warnings | Plugin | Check |
|---|---|---|---|---|---|---|
| Latest | 25 | 805 | 334 | 471 | v4.1.0.15 | 2.0.0 |
| 25 | 805 | 334 | 471 | v4.1.0.14 | 2.0.0 |
Related Plugins
10k+ active installs
200k+ active installs
2k+ active installs
1m+ active installs
80k+ active installs
4k+ active installs