PluginScore

Shortcoder — Create Shortcodes for Anything

Create custom "Shortcodes" easily for HTML, JavaScript, CSS code snippets and use the shortcodes within posts, pages & widgets

v6.5.3vaakashUpdated Added 100k+ installs98% rating0% support resolved
codehtmljavascriptshortcodesnippets
37
Score
25
Errors
70
Warnings
+0
Change

Category Scores

Security0
Repo89
Performance100
Maintainability69

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

95 findings

Maintainability

58

11 issue groups

Security

35

7 issue groups

Repo Compliance

2

2 issue groups

WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$cleaned".20
Category
Maintainability
Occurrences
20
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$cleaned".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound
WARNINGMaintainabilityNon-prefixed hook nameHook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "sc_do_after".13
Category
Maintainability
Occurrences
13
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "sc_do_after".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound
ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$editor['switch_html']'.13
Category
Security
Occurrences
13
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$editor['switch_html']'.

WordPress.Security.EscapeOutput.OutputNotEscapedReference
WARNINGSecurityRequest data is not unslashed$_POST[$key] not unslashed before sanitization. Use wp_unslash() or similar7
Category
Security
Occurrences
7
Severity
warning

Sample message

$_POST[$key] not unslashed before sanitization. Use wp_unslash() or similar

WordPress.Security.ValidatedSanitizedInput.MissingUnslash
WARNINGMaintainabilityNon-prefixed classClasses declared by a theme/plugin should start with the theme/plugin prefix. Found: "SC_Admin".6
Category
Maintainability
Occurrences
6
Severity
warning

Sample message

Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "SC_Admin".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedClassFound
WARNINGMaintainabilityNon-prefixed constantGlobal constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "SC_ADMIN_URL".6
Category
Maintainability
Occurrences
6
Severity
warning

Sample message

Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "SC_ADMIN_URL".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedConstantFound
WARNINGSecurityMissing nonce verificationProcessing form data without nonce verification.6
Category
Security
Occurrences
6
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Missing
WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_POST[$key]4
Category
Security
Occurrences
4
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_POST[$key]

WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
WARNINGMaintainabilityNot In FooterIn footer ($in_footer) is not set explicitly wp_enqueue_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header.4
Category
Maintainability
Occurrences
4
Severity
warning

Sample message

In footer ($in_footer) is not set explicitly wp_enqueue_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header.

WordPress.WP.EnqueuedResourceParameters.NotInFooter
ERRORSecurityUnsafe printing functionAll output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.2
Category
Security
Occurrences
2
Severity
error

Sample message

All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.

WordPress.Security.EscapeOutput.UnsafePrintingFunctionReference
Show 10 more
WARNINGSecurityNonce verification recommended2
Category
Security
Occurrences
2
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Recommended
ERRORMaintainabilityNon Enqueued Script2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

Scripts must be registered/enqueued via wp_enqueue_script()

WordPress.WP.EnqueuedResources.NonEnqueuedScript
ERRORMaintainabilityMissing direct file access protection2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

missing_direct_file_access_protectionReference
ERRORMaintainabilitywp function not compatible with requires wp2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

Function "do_blocks()" requires WordPress 5.0.0, but your plugin minimum supported version is WordPress 4.9.0.

wp_function_not_compatible_with_requires_wpReference
ERRORMaintainabilityOffloaded Content1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

Offloading images, js, css, and other scripts to your servers or any remote service is disallowed.

PluginCheck.CodeAnalysis.Offloading.OffloadedContent
WARNINGSecurityInput is not validated1
Category
Security
Occurrences
1
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_SERVER['REQUEST_URI']. Check that the array index exists before using it.

WordPress.Security.ValidatedSanitizedInput.InputNotValidated
ERRORMaintainabilityNon Enqueued Stylesheet1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

Stylesheets must be registered/enqueued via wp_enqueue_style()

WordPress.WP.EnqueuedResources.NonEnqueuedStylesheet
WARNINGMaintainabilitymismatched plugin name1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Plugin name "Shortcoder — Create Shortcodes for Anything" is different from the name declared in plugin header "Shortcoder".

mismatched_plugin_nameReference
ERRORRepo Complianceoutdated tested upto header1
Category
Repo Compliance
Occurrences
1
Severity
error

Sample message

Tested up to: 6.9 < 7.0. The "Tested up to" value in your plugin is not set to the current version of WordPress. This means your plugin will not show up in searches, as we require plugins to be compatible and documented as tested up to the most recent version of WordPress.

outdated_tested_upto_headerReference
ERRORRepo Complianceplugin header no license1
Category
Repo Compliance
Occurrences
1
Severity
error

Sample message

Missing "License" in Plugin Header. Please update your Plugin Header with a valid GPLv2 (or later) compatible license.

plugin_header_no_licenseReference

Score History

First score snapshot

v6.5.3

37

Latest

Findings
95
Errors
25
Warnings
70
Check
2.0.0

Related Plugins

Advance Custom HTML – Show Live Code, Share Snippets, Embed Code, and Style Them Your Way.

10k+ active installs

100
Code Embed

10k+ active installs

100
Email addon for CF7

3k+ active installs

100
Events Shortcodes For The Events Calendar

10k+ active installs

100
Menu In Post

2k+ active installs

100
Shortcode Redirect

10k+ active installs

100