SendPress Newsletters

A Newsletter Plugin for WordPress to create, send, manage and track your Newsletters in one place.

v1.26.1.20 | brewlabs | 2k+ installs | 90% rating | 0% support resolved

Score: 19
Errors: 2,293
Warnings: 1,422
Change: +0

Category Scores

Security: 0
Repo: 63
Performance: 100
Maintainability: 0

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

3,715 findings

Security: 2,517 (13 issue groups)
Maintainability: 928 (10 issue groups)
I18n: 83 (2 issue groups)

Output is not escaped
Severity: error
Category: Security
Occurrences: 843
Sample message: All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '")</small>$t<br>"'.

Unsafe printing function
Severity: error
Category: Security
Occurrences: 721
Sample message: All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.

Direct Query
Severity: warning
Category: Maintainability
Occurrences: 215
Sample message: Use of a direct database call is discouraged.

Missing direct file access protection
Severity: error
Category: Maintainability
Occurrences: 203
Sample message: PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

No Caching
Severity: warning
Category: Maintainability
Occurrences: 201
Sample message: Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

Missing nonce verification
Severity: warning
Category: Security
Occurrences: 152
Sample message: Processing form data without nonce verification.

Request data is not unslashed
Severity: warning
Category: Security
Occurrences: 134
Sample message: $_GET[$field] not unslashed before sanitization. Use wp_unslash() or similar

Interpolated SQL is not prepared
Severity: warning
Category: Security
Occurrences: 122
Sample message: Use placeholders and $wpdb->prepare(); found interpolated variable $column at "SELECT $column FROM $this->table_name WHERE $column_where = %s LIMIT 1;"

SQL query is not prepared
Severity: error
Category: Security
Occurrences: 122
Sample message: Use placeholders and $wpdb->prepare(); found $clean_list_query

Input is not sanitized
Severity: warning
Category: Security
Occurrences: 105
Sample message: Detected usage of a non-sanitized input variable: $_FILES['uploadfiles']

date date
Severity: error
Category: Maintainability
Occurrences: 103
Sample message: date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.

Input is not validated
Severity: warning
Category: Security
Occurrences: 103
Sample message: Detected usage of a possibly undefined superglobal array index: $_FILES['uploadfiles']. Check that the array index exists before using it.

Non-prefixed global variable
Severity: warning
Category: Maintainability
Occurrences: 102
Sample message: Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$_tests_dir".

Database parameter is not escaped
Severity: error
Category: Security
Occurrences: 78
Sample message: Unescaped parameter $clean_list_query used in $wpdb->query()\n$clean_list_query assigned unsafely at line 939.

Database parameter is not escaped
Severity: warning
Category: Security
Occurrences: 76
Sample message: Unescaped parameter $subscriber_events_table used in $wpdb->get_var()\n$subscriber_events_table assigned unsafely at line 188.

Non Singular String Literal Domain
Severity: error
Category: I18n
Occurrences: 47
Sample message: The $domain parameter must be a single text string literal. Found: $this->plugin_name

Missing Arg Domain
Severity: error
Category: I18n
Occurrences: 36
Sample message: Missing $domain parameter in function call to __().

Non-prefixed hook name
Severity: warning
Category: Maintainability
Occurrences: 28
Sample message: Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "cron_request".

wp redirect wp redirect
Severity: warning
Category: Security
Occurrences: 27
Sample message: wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.

slow db query meta key
Severity: warning
Category: Maintainability
Occurrences: 25
Sample message: Detected usage of meta_key, possible slow query.

slow db query meta query
Severity: warning
Category: Maintainability
Occurrences: 20
Sample message: Detected usage of meta_query, possible slow query.

Exception output is not escaped
Severity: error
Category: Security
Occurrences: 18
Sample message: All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"CURL error: $errno - $error"'.

Schema Change
Severity: warning
Category: Maintainability
Occurrences: 16
Sample message: Attempting a database schema change is discouraged.

Nonce verification recommended
Severity: warning
Category: Security
Occurrences: 16
Sample message: Processing form data without nonce verification.

error log print r
Severity: warning
Category: Maintainability
Occurrences: 15
Sample message: print_r() found. Debug code should not normally be used in production.

External Connections

Not analyzed yet.

Score History

First score snapshot

v1.26.1.20 (Latest): score 19
Findings: 3,715
Errors: 2,293
Warnings: 1,422
Check: 2.0.0
