Collect and manage event registrations with customizable forms, attendee management, and email templates. Start collecting registrations in minutes.
Category Scores
Top Issues by Category
security674
maintainability590
Issues Details
1,335 issues found in latest scan
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$actions".
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$actions'.
Processing form data without nonce verification.
Processing form data without nonce verification.
Use placeholders and $wpdb->prepare(); found interpolated variable $column_name at "ALTER TABLE $table_name ADD $column_name $type_name DEFAULT '' NOT NULL"
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
$_GET['email'] not unslashed before sanitization. Use wp_unslash() or similar
All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.
Detected usage of a possibly undefined superglobal array index: $_GET['id']. Check that the array index exists before using it.
The $text parameter must be a single text string literal. Found: $args['description']
date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.
Detected usage of a non-sanitized input variable: $_GET['page']
Missing $domain parameter in function call to esc_attr_e().
Unescaped parameter $in_clause used in $wpdb->get_results()\n$in_clause assigned unsafely at line 563.
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "the_title".
Detected usage of meta_query, possible slow query.
Attempting a database schema change is discouraged.
A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.
Unescaped parameter $occurrences_table used in $wpdb->get_results()\n$occurrences_table assigned unsafely at line 307.
Mismatched text domain. Expected 'registrations-for-the-events-calendar' but got 'icaltec'.
error_log() found. Debug code should not normally be used in production.
Detected usage of meta_key, possible slow query.
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
| Code | Type | Message | Count |
|---|---|---|---|
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound | WARNING | Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$actions". | 419 |
| WordPress.Security.EscapeOutput.OutputNotEscaped | ERROR | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$actions'. | 263 |
| WordPress.Security.NonceVerification.Recommended | WARNING | Processing form data without nonce verification. | 102 |
| WordPress.Security.NonceVerification.Missing | WARNING | Processing form data without nonce verification. | 83 |
| WordPress.DB.PreparedSQL.InterpolatedNotPrepared | WARNING | Use placeholders and $wpdb->prepare(); found interpolated variable $column_name at "ALTER TABLE $table_name ADD $column_name $type_name DEFAULT '' NOT NULL" | 78 |
| WordPress.DB.DirectDatabaseQuery.DirectQuery | WARNING | Use of a direct database call is discouraged. | 59 |
| WordPress.DB.DirectDatabaseQuery.NoCaching | WARNING | Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete(). | 56 |
| WordPress.Security.ValidatedSanitizedInput.MissingUnslash | WARNING | $_GET['email'] not unslashed before sanitization. Use wp_unslash() or similar | 43 |
| WordPress.Security.EscapeOutput.UnsafePrintingFunction | ERROR | All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'. | 39 |
| WordPress.Security.ValidatedSanitizedInput.InputNotValidated | WARNING | Detected usage of a possibly undefined superglobal array index: $_GET['id']. Check that the array index exists before using it. | 23 |
| WordPress.WP.I18n.NonSingularStringLiteralText | ERROR | The $text parameter must be a single text string literal. Found: $args['description'] | 22 |
| WordPress.DateTime.RestrictedFunctions.date_date | ERROR | date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead. | 19 |
| WordPress.Security.ValidatedSanitizedInput.InputNotSanitized | WARNING | Detected usage of a non-sanitized input variable: $_GET['page'] | 17 |
| WordPress.WP.I18n.MissingArgDomain | ERROR | Missing $domain parameter in function call to esc_attr_e(). | 15 |
| PluginCheck.Security.DirectDB.UnescapedDBParameter | ERROR | Unescaped parameter $in_clause used in $wpdb->get_results()\n$in_clause assigned unsafely at line 563. | 11 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound | WARNING | Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "the_title". | 11 |
| WordPress.DB.PreparedSQL.NotPrepared | ERROR | Use placeholders and $wpdb->prepare(); found $query | 9 |
| WordPress.DB.SlowDBQuery.slow_db_query_meta_query | WARNING | Detected usage of meta_query, possible slow query. | 9 |
| WordPress.DB.DirectDatabaseQuery.SchemaChange | WARNING | Attempting a database schema change is discouraged. | 7 |
| WordPress.WP.I18n.MissingTranslatorsComment | ERROR | A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders. | 7 |
| PluginCheck.Security.DirectDB.UnescapedDBParameter | WARNING | Unescaped parameter $occurrences_table used in $wpdb->get_results()\n$occurrences_table assigned unsafely at line 307. | 6 |
| WordPress.WP.I18n.TextDomainMismatch | ERROR | Mismatched text domain. Expected 'registrations-for-the-events-calendar' but got 'icaltec'. | 5 |
| WordPress.PHP.DevelopmentFunctions.error_log_error_log | WARNING | error_log() found. Debug code should not normally be used in production. | 4 |
| WordPress.DB.SlowDBQuery.slow_db_query_meta_key | WARNING | Detected usage of meta_key, possible slow query. | 3 |
| missing_direct_file_access_protection | ERROR | PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit; | 3 |
Latest Snapshot
Findings
1,335
Errors
404
Warnings
931
Score History
First score snapshot
First scan completed
v3.1 · Plugin Check 2.0.0 · Model 2026.06-mvp-static-v2
v3.1
24
Latest
- Findings
- 1,335
- Errors
- 404
- Warnings
- 931
- Plugin Check
- 2.0.0
- Model
- 2026.06-mvp-static-v2
| Scan | Score | Findings | Errors | Warnings | Plugin | Plugin Check | Model |
|---|---|---|---|---|---|---|---|
| Latest | 24 | 1,335 | 404 | 931 | v3.1 | 2.0.0 | 2026.06-mvp-static-v2 |
