Top Issues by Category
security41
maintainability16
Issues Details
59 issues found in latest scan
Detected usage of a possibly undefined superglobal array index: $_POST['active']. Check that the array index exists before using it.
$_POST['active'] not unslashed before sanitization. Use wp_unslash() or similar
Detected usage of a non-sanitized input variable: $_POST['active']
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
strip_tags() is discouraged. Use the more comprehensive wp_strip_all_tags() instead.
Attempting a database schema change is discouraged.
Processing form data without nonce verification.
Resource version not set in call to wp_enqueue_style(). This means new versions of the style may not always be loaded due to browser caching.
Plugin name "Remove admin menus by role" is different from the name declared in plugin header "Remove admin menus by roles".
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
The "Network" header in the plugin file is not valid. Can only be set to true, and should be left out when not needed.
Missing "License" in Plugin Header. Please update your Plugin Header with a valid GPLv2 (or later) compatible license.
| Code | Type | Message | Count |
|---|---|---|---|
| WordPress.Security.ValidatedSanitizedInput.InputNotValidated | WARNING | Detected usage of a possibly undefined superglobal array index: $_POST['active']. Check that the array index exists before using it. | 17 |
| WordPress.Security.ValidatedSanitizedInput.MissingUnslash | WARNING | $_POST['active'] not unslashed before sanitization. Use wp_unslash() or similar | 13 |
| WordPress.Security.ValidatedSanitizedInput.InputNotSanitized | WARNING | Detected usage of a non-sanitized input variable: $_POST['active'] | 10 |
| WordPress.DB.DirectDatabaseQuery.DirectQuery | WARNING | Use of a direct database call is discouraged. | 5 |
| WordPress.DB.DirectDatabaseQuery.NoCaching | WARNING | Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete(). | 5 |
| WordPress.WP.AlternativeFunctions.strip_tags_strip_tags | ERROR | strip_tags() is discouraged. Use the more comprehensive wp_strip_all_tags() instead. | 2 |
| WordPress.DB.DirectDatabaseQuery.SchemaChange | WARNING | Attempting a database schema change is discouraged. | 1 |
| WordPress.Security.NonceVerification.Missing | WARNING | Processing form data without nonce verification. | 1 |
| WordPress.WP.EnqueuedResourceParameters.MissingVersion | WARNING | Resource version not set in call to wp_enqueue_style(). This means new versions of the style may not always be loaded due to browser caching. | 1 |
| mismatched_plugin_name | WARNING | Plugin name "Remove admin menus by role" is different from the name declared in plugin header "Remove admin menus by roles". | 1 |
| missing_direct_file_access_protection | ERROR | PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit; | 1 |
| plugin_header_invalid_network | ERROR | The "Network" header in the plugin file is not valid. Can only be set to true, and should be left out when not needed. | 1 |
| plugin_header_no_license | ERROR | Missing "License" in Plugin Header. Please update your Plugin Header with a valid GPLv2 (or later) compatible license. | 1 |
Latest Snapshot
Findings
59
Errors
5
Warnings
54
Score History
First score snapshot
First scan completed Jun 20, 2026
v1.38 · Plugin Check 2.0.0 · Model 2026.06-mvp-static-v2
Jun 20, 2026
v1.38
57
Latest
- Findings
- 59
- Errors
- 5
- Warnings
- 54
- Plugin Check
- 2.0.0
- Model
- 2026.06-mvp-static-v2
| Scan | Score | Findings | Errors | Warnings | Plugin | Plugin Check | Model |
|---|---|---|---|---|---|---|---|
| Jun 20, 2026Latest | 57 | 59 | 5 | 54 | v1.38 | 2.0.0 | 2026.06-mvp-static-v2 |
