Easily reorder posts, pages, custom post types, and taxonomies with intuitive drag-and-drop sorting in the WordPress admin.
Category Scores
Issues to Review
Prioritized issue groups from the latest Plugin Check scan
Maintainability
64
9 issue groups
Security
22
7 issue groups
I18n
1
1 issue group
WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.29
- Category
- Maintainability
- Occurrences
- 29
- Severity
- warning
Sample message
Use of a direct database call is discouraged.
WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().23
- Category
- Maintainability
- Occurrences
- 23
- Severity
- warning
Sample message
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.11
- Category
- Security
- Occurrences
- 11
- Severity
- warning
Sample message
Processing form data without nonce verification.
ERRORSecuritySQL query is not preparedUse placeholders and $wpdb->prepare(); found $query5
- Category
- Security
- Occurrences
- 5
- Severity
- error
Sample message
Use placeholders and $wpdb->prepare(); found $query
WARNINGMaintainabilityNon-prefixed hook nameHook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "scp_update_menu_order".3
- Category
- Maintainability
- Occurrences
- 3
- Severity
- warning
Sample message
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "scp_update_menu_order".
WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$options".3
- Category
- Maintainability
- Occurrences
- 3
- Severity
- warning
Sample message
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$options".
ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$post_id'.2
- Category
- Security
- Occurrences
- 2
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$post_id'.
ERRORMaintainabilityMissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;2
- Category
- Maintainability
- Occurrences
- 2
- Severity
- error
Sample message
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
WARNINGI18nDiscouraged text-domain loadingload_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed.1
- Category
- I18n
- Occurrences
- 1
- Severity
- warning
Sample message
load_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed.
WARNINGMaintainabilitySchema ChangeAttempting a database schema change is discouraged.1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- warning
Sample message
Attempting a database schema change is discouraged.
Show 7 moreShow less
WARNINGSecurityInterpolated SQL is not prepared1
- Category
- Security
- Occurrences
- 1
- Severity
- warning
Sample message
Use placeholders and $wpdb->prepare(); found interpolated variable $placeholders at "UPDATE $wpdb->posts SET `menu_order` = 0 WHERE `post_type` IN ($placeholders)"
WARNINGSecurityUnfinished Prepare1
- Category
- Security
- Occurrences
- 1
- Severity
- warning
Sample message
Replacement variables found, but no valid placeholders found in the query.
WARNINGMaintainabilityNon-prefixed class1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- warning
Sample message
Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "Simple_Review".
WARNINGSecurityInput is not sanitized1
- Category
- Security
- Occurrences
- 1
- Severity
- warning
Sample message
Detected usage of a non-sanitized input variable: $_SERVER['REQUEST_URI']
WARNINGSecurityRequest data is not unslashed1
- Category
- Security
- Occurrences
- 1
- Severity
- warning
Sample message
$_SERVER['REQUEST_URI'] not unslashed before sanitization. Use wp_unslash() or similar
ERRORMaintainabilityfive star reviews detected1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- error
Sample message
Linking directly to 5 stars reviews is not allowed.
WARNINGMaintainabilityupgrade notice limit1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- warning
Sample message
The upgrade notice for "2.7.0" exceeds the limit of 300 characters.
Score History
2 score snapshots
v2.8.1
48
Latest
- Findings
- 87
- Errors
- 10
- Warnings
- 77
- Check
- 2.0.0
v2.8.0
48
Score
- Findings
- 87
- Errors
- 10
- Warnings
- 77
- Check
- 2.0.0
| Scan | Score | Findings | Errors | Warnings | Plugin | Check |
|---|---|---|---|---|---|---|
| Latest | 48 | 87 | 10 | 77 | v2.8.1 | 2.0.0 |
| 48 | 87 | 10 | 77 | v2.8.0 | 2.0.0 |
Related Plugins
3k+ active installs
1k+ active installs
9k+ active installs
400k+ active installs
10k+ active installs
600k+ active installs