PluginScore

Review Slider for WooCommerce

Display WooCommerce product reviews in a slider or grid on your homepage, shop page, or any post or page. Lightweight plugin with reviews stored local …

v1.6jgwhite33Updated Added 400 installs94% rating
product reviewsreview slidersocial prooftestimonial sliderwoocommerce reviews
33
Score
160
Errors
422
Warnings
+0
Change

Category Scores

Security0
Repo97
Performance100
Maintainability41

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

582 findings

Maintainability

336

12 issue groups

Security

236

11 issue groups

I18n

5

2 issue groups

WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$allowed_keys".262
Category
Maintainability
Occurrences
262
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$allowed_keys".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound
ERRORSecurityUnsafe printing functionAll output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.88
Category
Security
Occurrences
88
Severity
error

Sample message

All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.

WordPress.Security.EscapeOutput.UnsafePrintingFunctionReference
WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.32
Category
Security
Occurrences
32
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Recommended
WARNINGSecurityRequest data is not unslashed$_GET['pnum'] not unslashed before sanitization. Use wp_unslash() or similar28
Category
Security
Occurrences
28
Severity
warning

Sample message

$_GET['pnum'] not unslashed before sanitization. Use wp_unslash() or similar

WordPress.Security.ValidatedSanitizedInput.MissingUnslash
WARNINGSecurityInput is not validatedDetected usage of a possibly undefined superglobal array index: $_GET['page']. Check that the array index exists before using it.27
Category
Security
Occurrences
27
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_GET['page']. Check that the array index exists before using it.

WordPress.Security.ValidatedSanitizedInput.InputNotValidated
WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.24
Category
Maintainability
Occurrences
24
Severity
warning

Sample message

Use of a direct database call is discouraged.

WordPress.DB.DirectDatabaseQuery.DirectQuery
WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().21
Category
Maintainability
Occurrences
21
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

WordPress.DB.DirectDatabaseQuery.NoCaching
ERRORSecuritySQL query is not preparedUse placeholders and $wpdb->prepare(); found $commentinfoarray21
Category
Security
Occurrences
21
Severity
error

Sample message

Use placeholders and $wpdb->prepare(); found $commentinfoarray

WordPress.DB.PreparedSQL.NotPrepared
ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"<div id='error'>\n'.17
Category
Security
Occurrences
17
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"<div id='error'>\n'.

WordPress.Security.EscapeOutput.OutputNotEscapedReference
WARNINGSecurityDatabase parameter is not escapedUnescaped parameter $table_name used in $wpdb-&gt;get_results()13
Category
Security
Occurrences
13
Severity
warning

Sample message

Unescaped parameter $table_name used in $wpdb-&gt;get_results()

PluginCheck.Security.DirectDB.UnescapedDBParameter
Show 15 more
ERRORMaintainabilityMissing direct file access protection9
Category
Maintainability
Occurrences
9
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

missing_direct_file_access_protectionReference
ERRORMaintainabilityOffloaded Content6
Category
Maintainability
Occurrences
6
Severity
error

Sample message

Offloading images, js, css, and other scripts to your servers or any remote service is disallowed.

PluginCheck.CodeAnalysis.Offloading.OffloadedContent
WARNINGSecurityInterpolated SQL is not prepared6
Category
Security
Occurrences
6
Severity
warning

Sample message

Use placeholders and $wpdb-&gt;prepare(); found interpolated variable $table_name at &quot;DROP TABLE IF EXISTS $table_name&quot;

WordPress.DB.PreparedSQL.InterpolatedNotPrepared
WARNINGMaintainabilitySchema Change4
Category
Maintainability
Occurrences
4
Severity
warning

Sample message

Attempting a database schema change is discouraged.

WordPress.DB.DirectDatabaseQuery.SchemaChange
ERRORI18nText Domain Mismatch4
Category
I18n
Occurrences
4
Severity
error

Sample message

Mismatched text domain. Expected 'review-slider-for-woocommerce' but got 'wp-google-reviews'.

WordPress.WP.I18n.TextDomainMismatchReference
ERRORMaintainabilitywp function not compatible with requires wp4
Category
Maintainability
Occurrences
4
Severity
error

Sample message

Function "get_avatar_url()" requires WordPress 4.2.0, but your plugin minimum supported version is WordPress 3.0.1.

wp_function_not_compatible_with_requires_wpReference
ERRORSecurityDatabase parameter is not escaped2
Category
Security
Occurrences
2
Severity
error

Sample message

Unescaped parameter $query used in $wpdb->get_results()\n$query assigned unsafely at line 154.

PluginCheck.Security.DirectDB.UnescapedDBParameter
ERRORMaintainabilitydate date2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.

WordPress.DateTime.RestrictedFunctions.date_date
WARNINGI18nDiscouraged text-domain loading1
Category
I18n
Occurrences
1
Severity
warning

Sample message

load_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed.

PluginCheck.CodeAnalysis.DiscouragedFunctions.load_plugin_textdomainFoundReference
ERRORMaintainabilityOffloaded Content1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

Found call to wp_register_style() with external resource. Offloading styles to your servers or any remote service is disallowed.

PluginCheck.CodeAnalysis.EnqueuedResourceOffloading.OffloadedContent
ERRORSecuritySetting is missing a sanitization callback1
Category
Security
Occurrences
1
Severity
error

Sample message

Sanitization missing for register_setting().

PluginCheck.CodeAnalysis.SettingSanitization.register_settingMissingReference
WARNINGMaintainabilityNon-prefixed class1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: &quot;WPrev_Woo_Plugin_Action&quot;.

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedClassFound
WARNINGSecurityInput is not sanitized1
Category
Security
Occurrences
1
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_REQUEST[&#039;_wpnonce&#039;]

WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
ERRORMaintainabilitystrip tags strip tags1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

strip_tags() is discouraged. Use the more comprehensive wp_strip_all_tags() instead.

WordPress.WP.AlternativeFunctions.strip_tags_strip_tags
WARNINGMaintainabilityMissing Version1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Resource version not set in call to wp_register_style(). This means new versions of the style may not always be loaded due to browser caching.

WordPress.WP.EnqueuedResourceParameters.MissingVersion

External Connections

Potential connections found in static code analysis.

12 domains

Outbound calls

28

External assets

7

Incoming endpoints

3

Notable Domains

facebook.com1 · outbound
maxcdn.bootstrapcdn.com1 · outbound
russkempphotography.com1 · outbound
sweetfantasies.co.uk1 · outbound
websitessandiego.com1 · outbound

Platform / Reference Domains

wordpress.org3 · platform/reference
github.com2 · platform/reference
gnu.org1 · platform/reference

External Asset Domains

wpreviewslider.com17 · asset + outbound
ljapps.com5 · asset + outbound
graph.facebook.com1 · asset
s3-us-west-2.amazonaws.com1 · asset

Incoming Endpoints

No public endpoints detected.

Admin AJAX endpoints3
wp_ajax_srfw_find_reviewsauthenticated

wp_ajax

wp_ajax_srfw_get_resultsauthenticated

wp_ajax

wp_ajax_srfw_hide_reviewauthenticated

wp_ajax

Score History

First score snapshot

v1.6

33

Latest

Findings
582
Errors
160
Warnings
422
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

34 nodes

Related Plugins

Reviews Widgets for Google & 45+ platforms by Repuso

1k+ active installs

100
Gutena Star Ratings

1k+ active installs

97
Gutena Testimonial Slider

3k+ active installs

97
ProveSource Social Proof

2k+ active installs

96
Reviewkit – Trustpilot Reviews Widget & Embed

700 active installs

96
Real Testimonials – Testimonial Slider, Collect Customer Reviews and Video Testimonials

40k+ active installs

94