PluginScore

RSS Feed Pro

Display an RSS Feed in a widget, a page, or a post using a shortcode with any number of parameters. Sort the archive by Category, Year, and Author.

v1.1.12artiosmediaUpdated Added 500 installs100% rating0% support resolved
feedpodcastrssrss feedstreaming
33
Score
484
Errors
16
Warnings
+0
Change

Category Scores

Security0
Repo83
Performance100
Maintainability51

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

500 findings

Security

249

5 issue groups

Maintainability

148

8 issue groups

I18n

100

3 issue groups

Repo Compliance

3

3 issue groups

ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$after_creator'.169
Category
Security
Occurrences
169
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$after_creator'.

WordPress.Security.EscapeOutput.OutputNotEscapedReference
ERRORMaintainabilitywp function not compatible with requires wpFunction "utf8_encode()" requires WordPress 6.9.0, but your plugin minimum supported version is WordPress 4.6.0.123
Category
Maintainability
Occurrences
123
Severity
error

Sample message

Function "utf8_encode()" requires WordPress 6.9.0, but your plugin minimum supported version is WordPress 4.6.0.

wp_function_not_compatible_with_requires_wpReference
ERRORI18nNon Singular String Literal DomainThe $domain parameter must be a single text string literal. Found: FB_RSSI_TEXTDOMAIN94
Category
I18n
Occurrences
94
Severity
error

Sample message

The $domain parameter must be a single text string literal. Found: FB_RSSI_TEXTDOMAIN

WordPress.WP.I18n.NonSingularStringLiteralDomainReference
ERRORSecurityUnsafe printing functionAll output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.73
Category
Security
Occurrences
73
Severity
error

Sample message

All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.

WordPress.Security.EscapeOutput.UnsafePrintingFunctionReference
ERRORMaintainabilitystrip tags strip tagsstrip_tags() is discouraged. Use the more comprehensive wp_strip_all_tags() instead.13
Category
Maintainability
Occurrences
13
Severity
error

Sample message

strip_tags() is discouraged. Use the more comprehensive wp_strip_all_tags() instead.

WordPress.WP.AlternativeFunctions.strip_tags_strip_tags
WARNINGMaintainabilityNon-prefixed constantGlobal constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "FB_RSSI_BASEFOLDER".6
Category
Maintainability
Occurrences
6
Severity
warning

Sample message

Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "FB_RSSI_BASEFOLDER".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedConstantFound
WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.3
Category
Security
Occurrences
3
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Recommended
WARNINGSecurityRequest data is not unslashed$_POST['rssfp-meta-feed-url'] not unslashed before sanitization. Use wp_unslash() or similar3
Category
Security
Occurrences
3
Severity
warning

Sample message

$_POST['rssfp-meta-feed-url'] not unslashed before sanitization. Use wp_unslash() or similar

WordPress.Security.ValidatedSanitizedInput.MissingUnslash
ERRORI18nMissing Arg DomainMissing $domain parameter in function call to __().3
Category
I18n
Occurrences
3
Severity
error

Sample message

Missing $domain parameter in function call to __().

WordPress.WP.I18n.MissingArgDomainReference
ERRORI18nNon Singular String Literal TextThe $text parameter must be a single text string literal. Found: $default3
Category
I18n
Occurrences
3
Severity
error

Sample message

The $text parameter must be a single text string literal. Found: $default

WordPress.WP.I18n.NonSingularStringLiteralTextReference
Show 9 more
ERRORMaintainabilityMissing direct file access protection2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

missing_direct_file_access_protectionReference
WARNINGMaintainabilityDiscouraged PHP function1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

The use of function ini_set() is discouraged

Squiz.PHP.DiscouragedFunctions.Discouraged
WARNINGMaintainabilityNon-prefixed function1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "register_new_widget".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedFunctionFound
WARNINGMaintainabilityerror log print r1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

print_r() found. Debug code should not normally be used in production.

WordPress.PHP.DevelopmentFunctions.error_log_print_r
WARNINGSecurityInput is not sanitized1
Category
Security
Occurrences
1
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_POST['rssfp_meta_nonce']

WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
ERRORMaintainabilityrand mt rand1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

mt_rand() is discouraged. Use the far less predictable wp_rand() instead.

WordPress.WP.AlternativeFunctions.rand_mt_rand
ERRORRepo Complianceinvalid license1
Category
Repo Compliance
Occurrences
1
Severity
error

Sample message

Your plugin has an invalid license declared. Please update your readme with a valid SPDX license identifier.

invalid_licenseReference
ERRORRepo Compliancelicense mismatch1
Category
Repo Compliance
Occurrences
1
Severity
error

Sample message

Your plugin has a different license declared in the readme file and plugin header. Please update your readme with a valid GPL license identifier.

license_mismatchReference
ERRORRepo Complianceoutdated tested upto header1
Category
Repo Compliance
Occurrences
1
Severity
error

Sample message

Tested up to: 6.9 < 7.0. The "Tested up to" value in your plugin is not set to the current version of WordPress. This means your plugin will not show up in searches, as we require plugins to be compatible and documented as tested up to the most recent version of WordPress.

outdated_tested_upto_headerReference

External Connections

Potential connections found in static code analysis.

7 domains

Outbound calls

15

External assets

0

Incoming endpoints

4

Notable Domains

feedurl.com2 · outbound
artiosmedia.com1 · outbound
toscho.de1 · outbound
zeffy.com1 · outbound

Platform / Reference Domains

wordpress.org8 · platform/reference
codex.wordpress.org1 · platform/reference
gnu.org1 · platform/reference

External Asset Domains

No external asset domains detected.

Incoming Endpoints

wp_ajax_nopriv_rssfp_sortpublic

wp_ajax

Admin AJAX endpoints3
wp_ajax_rfp_dismiss_noticeauthenticated

wp_ajax

wp_ajax_rfp_review_clickedauthenticated

wp_ajax

wp_ajax_rssfp_sortauthenticated

wp_ajax

Score History

First score snapshot

v1.1.12

33

Latest

Findings
500
Errors
484
Warnings
16
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

33 nodes

Related Plugins

Add Featured Image to RSS Feed

2k+ active installs

100
Disable Feeds WP

10k+ active installs

100
Display Remote Posts Block

800 active installs

100
HTML5 Audio Player – The Ultimate No-Code Podcast, MP3 & Audio Player

10k+ active installs

100
Admin Dashboard RSS Feed

400 active installs

99
List MixCloud

400 active installs

99