Issues to Review
Prioritized issue groups from the latest Plugin Check scan
Security
919
8 issue groups
Maintainability
52
13 issue groups
I18n
9
2 issue groups
Performance
7
2 issue groups
ERRORSecurityUnsafe printing functionAll output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.472
- Category
- Security
- Occurrences
- 472
- Severity
- error
Sample message
All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.
ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"<li><input type='checkbox' name='exclude-{$taxonomy->name}[{$term->term_id}]' id='exclude_{$term->term_id}' value='{$term->term_id}' checked='checked' /> <label for='exclude_{$term->term_id}'>"'.179
- Category
- Security
- Occurrences
- 179
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"<li><input type='checkbox' name='exclude-{$taxonomy->name}[{$term->term_id}]' id='exclude_{$term->term_id}' value='{$term->term_id}' checked='checked' /> <label for='exclude_{$term->term_id}'>"'.
WARNINGSecurityRequest data is not unslashed$_GET['paged'] not unslashed before sanitization. Use wp_unslash() or similar137
- Category
- Security
- Occurrences
- 137
- Severity
- warning
Sample message
$_GET['paged'] not unslashed before sanitization. Use wp_unslash() or similar
WARNINGSecurityInput is not validatedDetected usage of a possibly undefined superglobal array index: $_POST['_ajax_nonce']. Check that the array index exists before using it.91
- Category
- Security
- Occurrences
- 91
- Severity
- warning
Sample message
Detected usage of a possibly undefined superglobal array index: $_POST['_ajax_nonce']. Check that the array index exists before using it.
WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_GET['paged']28
- Category
- Security
- Occurrences
- 28
- Severity
- warning
Sample message
Detected usage of a non-sanitized input variable: $_GET['paged']
ERRORMaintainabilitystrip tags strip tagsstrip_tags() is discouraged. Use the more comprehensive wp_strip_all_tags() instead.12
- Category
- Maintainability
- Occurrences
- 12
- Severity
- error
Sample message
strip_tags() is discouraged. Use the more comprehensive wp_strip_all_tags() instead.
WARNINGMaintainabilityNon-prefixed hook nameHook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "_oembed_filter_feed_content".10
- Category
- Maintainability
- Occurrences
- 10
- Severity
- warning
Sample message
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "_oembed_filter_feed_content".
ERRORI18nMissing Translators CommentA function call to _e() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.6
- Category
- I18n
- Occurrences
- 6
- Severity
- error
Sample message
A function call to _e() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.
WARNINGSecurityMissing nonce verificationProcessing form data without nonce verification.5
- Category
- Security
- Occurrences
- 5
- Severity
- warning
Sample message
Processing form data without nonce verification.
WARNINGPerformancePost Not In excludeUsing exclusionary parameters, like exclude, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information.5
- Category
- Performance
- Occurrences
- 5
- Severity
- warning
Sample message
Using exclusionary parameters, like exclude, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information.
Show 15 moreShow less
WARNINGMaintainabilityslow db query meta query4
- Category
- Maintainability
- Occurrences
- 4
- Severity
- warning
Sample message
Detected usage of meta_query, possible slow query.
WARNINGMaintainabilityslow db query tax query4
- Category
- Maintainability
- Occurrences
- 4
- Severity
- warning
Sample message
Detected usage of tax_query, possible slow query.
WARNINGSecurityNonce verification recommended4
- Category
- Security
- Occurrences
- 4
- Severity
- warning
Sample message
Processing form data without nonce verification.
WARNINGMaintainabilityDeprecated parameter: get_terms parameter 24
- Category
- Maintainability
- Occurrences
- 4
- Severity
- warning
Sample message
The parameter "array('hide_empty'=>false,'hierarchical'=>false,'number'=>1,)" at position #2 of get_terms() has been deprecated since WordPress version 4.5.0. Instead do not pass the parameter.
WARNINGMaintainabilityDirect Query3
- Category
- Maintainability
- Occurrences
- 3
- Severity
- warning
Sample message
Use of a direct database call is discouraged.
WARNINGMaintainabilityNo Caching3
- Category
- Maintainability
- Occurrences
- 3
- Severity
- warning
Sample message
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
ERRORSecuritySQL query is not prepared3
- Category
- Security
- Occurrences
- 3
- Severity
- error
Sample message
Use placeholders and $wpdb->prepare(); found $escapedPrefix
ERRORI18nUnordered Placeholders Text3
- Category
- I18n
- Occurrences
- 3
- Severity
- error
Sample message
Multiple placeholders in translatable strings should be ordered. Expected "%1$20c, %2$20f", but got "%20c, %20f" in '<strong>Внимание!</strong> Произвольные поля плагина <strong>Advanced Custom Fields</strong> необходимо обрабатывать <a target="_blank" href="https://ru.wordpress.org/plugins/rss-for-yandex-turbo/#%D1%88%D0%B0%D0%B1%D0%BB%D0%BE%D0%BD%D1%8B%20%D0%B8%20%D0%BF%D0%BB%D0%B0%D0%B3%D0%B8%D0%BD%20advanced%20custom%20fields">фильтром</a>.'.
ERRORMaintainabilityMissing direct file access protection3
- Category
- Maintainability
- Occurrences
- 3
- Severity
- error
Sample message
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
WARNINGMaintainabilityNon-prefixed function2
- Category
- Maintainability
- Occurrences
- 2
- Severity
- warning
Sample message
Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "yt_permalink_func".
WARNINGMaintainabilityDiscouraged PHP function2
- Category
- Maintainability
- Occurrences
- 2
- Severity
- warning
Sample message
wp_reset_query() is discouraged. Use wp_reset_postdata() instead.
WARNINGMaintainabilityNot In Footer2
- Category
- Maintainability
- Occurrences
- 2
- Severity
- warning
Sample message
In footer ($in_footer) is not set explicitly wp_enqueue_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header.
WARNINGPerformancePost Not In post not in2
- Category
- Performance
- Occurrences
- 2
- Severity
- warning
Sample message
Using exclusionary parameters, like post__not_in, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information.
ERRORMaintainabilitywp function not compatible with requires wp2
- Category
- Maintainability
- Occurrences
- 2
- Severity
- error
Sample message
Function "do_blocks()" requires WordPress 5.0.0, but your plugin minimum supported version is WordPress 4.4.0.
ERRORMaintainabilityrand mt rand1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- error
Sample message
mt_rand() is discouraged. Use the far less predictable wp_rand() instead.
External Connections
Not analyzed yet.
Score History
First score snapshot
v1.32
32
Latest
- Findings
- 994
- Errors
- 687
- Warnings
- 307
- Check
- 2.0.0
| Scan | Score | Findings | Errors | Warnings | Plugin | Check |
|---|---|---|---|---|---|---|
| Latest | 32 | 994 | 687 | 307 | v1.32 | 2.0.0 |
Relationship Map
Author, categories, issues, domains, and nearby plugins.