Manago AI & Leadoo AI

AI-powered Customer Engagement Platform for impact-hungry eCommerce marketing teams

v3.12.0Manago AIUpdated Added 1k+ installs60% rating
23
Score
644
Errors
429
Warnings
+1
Change

Category Scores

Security0
Repo86
Performance100
Maintainability0

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

1,073 findings

Security

704

9 issue groups

Maintainability

341

15 issue groups

I18n

8

1 issue group

ERRORSecurityUnsafe printing functionAll output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.260
Category
Security
Occurrences
260
Severity
error

Sample message

All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.

ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"<tr><td>$function</td><td>"'.228
Category
Security
Occurrences
228
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"<tr><td>$function</td><td>"'.

WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.90
Category
Security
Occurrences
90
Severity
warning

Sample message

Processing form data without nonce verification.

WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: &quot;$accountSettingsInputs&quot;.82
Category
Maintainability
Occurrences
82
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: &quot;$accountSettingsInputs&quot;.

ERRORMaintainabilityShort PHP open tag foundShort PHP opening tag used with echo; expected "<?php echo $active ..." but found "<?= $active ..."65
Category
Maintainability
Occurrences
65
Severity
error

Sample message

Short PHP opening tag used with echo; expected "<?php echo $active ..." but found "<?= $active ..."

WARNINGMaintainabilityNon-prefixed namespaceNamespaces declared by a theme/plugin should start with the theme/plugin prefix. Found: &quot;bhr\Admin&quot;.61
Category
Maintainability
Occurrences
61
Severity
warning

Sample message

Namespaces declared by a theme/plugin should start with the theme/plugin prefix. Found: &quot;bhr\Admin&quot;.

WARNINGMaintainabilityerror log error logerror_log() found. Debug code should not normally be used in production.48
Category
Maintainability
Occurrences
48
Severity
warning

Sample message

error_log() found. Debug code should not normally be used in production.

WARNINGSecurityRequest data is not unslashed$_COOKIE[$name] not unslashed before sanitization. Use wp_unslash() or similar44
Category
Security
Occurrences
44
Severity
warning

Sample message

$_COOKIE[$name] not unslashed before sanitization. Use wp_unslash() or similar

WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_COOKIE[$name]42
Category
Security
Occurrences
42
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_COOKIE[$name]

ERRORMaintainabilityMissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;26
Category
Maintainability
Occurrences
26
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

Show 15 more
WARNINGMaintainabilityerror log print r24
Category
Maintainability
Occurrences
24
Severity
warning

Sample message

print_r() found. Debug code should not normally be used in production.

WARNINGSecurityInput is not validated17
Category
Security
Occurrences
17
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_GET[&#039;action&#039;]. Check that the array index exists before using it.

ERRORMaintainabilitydate date16
Category
Maintainability
Occurrences
16
Severity
error

Sample message

date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.

ERRORSecurityException output is not escaped15
Category
Security
Occurrences
15
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"$arr is not an array!"'.

ERRORI18nMissing Arg Domain8
Category
I18n
Occurrences
8
Severity
error

Sample message

Missing $domain parameter in function call to __().

WARNINGSecurityMissing nonce verification6
Category
Security
Occurrences
6
Severity
warning

Sample message

Processing form data without nonce verification.

ERRORMaintainabilitycurl curl setopt5
Category
Maintainability
Occurrences
5
Severity
error

Sample message

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

ERRORMaintainabilityForbidden PHP function found2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

The use of function str_rot13() is forbidden

WARNINGMaintainabilityDynamic hook name2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: &quot;$hook_name&quot;.

WARNINGMaintainabilityNon-prefixed constant2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: &quot;SM_VERSION&quot;.

WARNINGMaintainabilityNon-prefixed function2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: &quot;main_salesmanago&quot;.

WARNINGMaintainabilityerror log debug backtrace2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

debug_backtrace() found. Debug code should not normally be used in production.

WARNINGSecuritywp redirect wp redirect2
Category
Security
Occurrences
2
Severity
warning

Sample message

wp_redirect() found. Using wp_safe_redirect(), along with the &quot;allowed_redirect_hosts&quot; filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.

ERRORMaintainabilityfile system operations fclose2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().

ERRORMaintainabilityfile system operations fopen2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen().

External Connections

Potential connections found in static code analysis.

15 domains

Outbound calls

49

External assets

1

Incoming endpoints

0

Notable Domains

support.manago.ai12 · outbound
manago.ai7 · outbound
php.net7 · outbound
api.salesmanago.com5 · outbound
leadoo.com4 · outbound

Platform / Reference Domains

github.com2 · platform/reference
w3.org1 · platform/reference

External Asset Domains

youtube.com1 · asset

Incoming Endpoints

No public endpoints detected.

Score History

2 score snapshots

+1
1007550250Jun 25, 2026, 12:01 AM UTC Score 22/100 Plugin v3.11.3 Plugin Check 2.0.0 645 errors, 429 warningsJun 29, 2026, 10:10 AM UTC Score 23/100 Plugin v3.12.0 Plugin Check 2.0.0 644 errors, 429 warningsJun 25, 2026Jun 29, 2026

v3.12.0

23

Latest

Findings
1,073
Errors
644
Warnings
429
Check
2.0.0

v3.11.3

22

Score

Findings
1,074
Errors
645
Warnings
429
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

37 nodes

Related Plugins

GetResponse Official

4k+ active installs

100
LeadConnector

20k+ active installs

100
98