WP REST API – OAuth 1.0a Server

Connect applications to your WordPress site without ever giving away your password.

v0.4.4Joe HoyleUpdated Added 8k+ installs74% rating
38
Score
100
Errors
85
Warnings
+0
Change

Category Scores

Security0
Repo94
Performance100
Maintainability69

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

185 findings

I18n

88

1 issue group

Security

54

7 issue groups

Maintainability

42

10 issue groups

Repo Compliance

1

1 issue group

ERRORI18nText Domain MismatchMismatched text domain. Expected 'rest-api-oauth1' but got 'rest_oauth1'.88
Category
I18n
Occurrences
88
Severity
error

Sample message

Mismatched text domain. Expected 'rest-api-oauth1' but got 'rest_oauth1'.

WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.14
Category
Security
Occurrences
14
Severity
warning

Sample message

Processing form data without nonce verification.

WARNINGMaintainabilityNon-prefixed functionFunctions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "rest_oauth1_activation".13
Category
Maintainability
Occurrences
13
Severity
warning

Sample message

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "rest_oauth1_activation".

WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_GET['action']13
Category
Security
Occurrences
13
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_GET['action']

WARNINGSecurityMissing nonce verificationProcessing form data without nonce verification.8
Category
Security
Occurrences
8
Severity
warning

Sample message

Processing form data without nonce verification.

WARNINGSecurityRequest data is not unslashed$_GET['action'] not unslashed before sanitization. Use wp_unslash() or similar8
Category
Security
Occurrences
8
Severity
warning

Sample message

$_GET['action'] not unslashed before sanitization. Use wp_unslash() or similar

WARNINGMaintainabilityNon-prefixed classClasses declared by a theme/plugin should start with the theme/plugin prefix. Found: "WP_REST_Client".7
Category
Maintainability
Occurrences
7
Severity
warning

Sample message

Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "WP_REST_Client".

WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$registration_url".5
Category
Maintainability
Occurrences
5
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$registration_url".

WARNINGSecurityInput is not validatedDetected usage of a possibly undefined superglobal array index: $_SERVER['QUERY_STRING']. Check that the array index exists before using it.5
Category
Security
Occurrences
5
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_SERVER['QUERY_STRING']. Check that the array index exists before using it.

WARNINGMaintainabilityNon-prefixed hook nameHook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "oauth1_authorize_form".4
Category
Maintainability
Occurrences
4
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "oauth1_authorize_form".

Show 9 more
ERRORSecurityUnsafe printing function4
Category
Security
Occurrences
4
Severity
error

Sample message

All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.

ERRORMaintainabilityMissing direct file access protection3
Category
Maintainability
Occurrences
3
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

WARNINGMaintainabilityslow db query meta query2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

Detected usage of meta_query, possible slow query.

WARNINGSecuritywp redirect wp redirect2
Category
Security
Occurrences
2
Severity
warning

Sample message

wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.

WARNINGMaintainabilityDeprecated function: wp_get_sites2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

wp_get_sites() has been deprecated since WordPress version 4.6.0. Use get_sites() instead.

ERRORMaintainabilityDeprecated parameter: add_option parameter 32
Category
Maintainability
Occurrences
2
Severity
error

Sample message

The parameter "null" at position #3 of add_option() has been deprecated since WordPress version 2.3.0. Use "" instead.

WARNINGMaintainabilitytrademarked term2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

The plugin name includes a restricted term. Your chosen plugin name - "WP REST API - OAuth 1.0a Server" - contains the restricted term "wp" which cannot be used at all in your plugin name.

ERRORMaintainabilitywp function not compatible with requires wp2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

Function "get_sites()" requires WordPress 4.6.0, but your plugin minimum supported version is WordPress 4.4.0.

ERRORRepo Complianceoutdated tested upto header1
Category
Repo Compliance
Occurrences
1
Severity
error

Sample message

Tested up to: 6.6 < 7.0. The "Tested up to" value in your plugin is not set to the current version of WordPress. This means your plugin will not show up in searches, as we require plugins to be compatible and documented as tested up to the most recent version of WordPress.

External Connections

Not analyzed yet.

Score History

First score snapshot

v0.4.4

38

Latest

Findings
185
Errors
100
Warnings
85
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

28 nodes

Related Plugins

Export Media URLs

7k+ active installs

100
Logged-in-only

700 active installs

100
Disable Gutenberg Autosave

2k+ active installs

99
Export All URLs

50k+ active installs

99