Track changes and user activities on your WordPress site. See who created a page, uploaded an attachment, and more, for a complete audit trail.
Category Scores
Top Issues by Category
maintainability95
security56
supply_chain2
Issues Details
154 issues found in latest scan
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$allowed_html".
Unescaped parameter $context_table_name used in $wpdb->get_col()\n$context_table_name assigned unsafely at line 931.
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fwrite().
Function "wp_admin_notice()" requires WordPress 6.4.0, but your plugin minimum supported version is WordPress 6.3.0.
Sanitization missing for register_setting().
Plugin Updater detected. Detected code which may be altering WordPress update routines. Detected: _site_transient_update_core
The use of function _cleanup_header_comment() is forbidden
The use of function set_time_limit() is discouraged
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: chmod().
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: is_writable().
unlink() is discouraged. Use wp_delete_file() to delete a file.
Plugin name "Simple History – Track, Log, and Audit WordPress Changes" is different from the name declared in plugin header "Simple History".
Plugin Updater detected. These are not permitted in WordPress.org hosted plugins. Detected: site_transient_update_plugins
The "Changelog" section is too long and was truncated. A maximum of 5000 characters is supported.
The plugin name includes a restricted term. Your chosen plugin name - "Simple History – Track, Log, and Audit WordPress Changes" - contains the restricted term "wordpress" which cannot be used at all in your plugin name.
Unexpected markdown file "readme.issue.fse-logging.md" detected in plugin root. Only specific markdown files are expected in production plugins.
| Code | Type | Message | Count |
|---|---|---|---|
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound | WARNING | Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$allowed_html". | 61 |
| PluginCheck.Security.DirectDB.UnescapedDBParameter | WARNING | Unescaped parameter $context_table_name used in $wpdb->get_col()\n$context_table_name assigned unsafely at line 931. | 54 |
| missing_direct_file_access_protection | ERROR | PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit; | 7 |
| WordPress.WP.AlternativeFunctions.file_system_operations_fwrite | ERROR | File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fwrite(). | 6 |
| application_detected | ERROR | Application files are not permitted. | 4 |
| wp_function_not_compatible_with_requires_wp | ERROR | Function "wp_admin_notice()" requires WordPress 6.4.0, but your plugin minimum supported version is WordPress 6.3.0. | 4 |
| PluginCheck.CodeAnalysis.SettingSanitization.register_settingMissing | ERROR | Sanitization missing for register_setting(). | 2 |
| hidden_files | ERROR | Hidden files are not permitted. | 2 |
| update_modification_detected | WARNING | Plugin Updater detected. Detected code which may be altering WordPress update routines. Detected: _site_transient_update_core | 2 |
| Generic.PHP.ForbiddenFunctions.Found | ERROR | The use of function _cleanup_header_comment() is forbidden | 1 |
| Squiz.PHP.DiscouragedFunctions.Discouraged | WARNING | The use of function set_time_limit() is discouraged | 1 |
| WordPress.WP.AlternativeFunctions.file_system_operations_chmod | ERROR | File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: chmod(). | 1 |
| WordPress.WP.AlternativeFunctions.file_system_operations_fclose | ERROR | File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose(). | 1 |
| WordPress.WP.AlternativeFunctions.file_system_operations_is_writable | ERROR | File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: is_writable(). | 1 |
| WordPress.WP.AlternativeFunctions.unlink_unlink | ERROR | unlink() is discouraged. Use wp_delete_file() to delete a file. | 1 |
| five_star_reviews_detected | ERROR | Linking directly to 5 stars reviews is not allowed. | 1 |
| mismatched_plugin_name | WARNING | Plugin name "Simple History – Track, Log, and Audit WordPress Changes" is different from the name declared in plugin header "Simple History". | 1 |
| plugin_updater_detected | ERROR | Plugin Updater detected. These are not permitted in WordPress.org hosted plugins. Detected: site_transient_update_plugins | 1 |
| readme_parser_warnings_trimmed_section_changelog | WARNING | The "Changelog" section is too long and was truncated. A maximum of 5000 characters is supported. | 1 |
| trademarked_term | WARNING | The plugin name includes a restricted term. Your chosen plugin name - "Simple History – Track, Log, and Audit WordPress Changes" - contains the restricted term "wordpress" which cannot be used at all in your plugin name. | 1 |
| unexpected_markdown_file | WARNING | Unexpected markdown file "readme.issue.fse-logging.md" detected in plugin root. Only specific markdown files are expected in production plugins. | 1 |
Latest Snapshot
Findings
154
Errors
32
Warnings
122
Score History
First score snapshot
First scan completed Jun 19, 2026
v5.29.0 · Plugin Check 2.0.0 · Model 2026.06-mvp-static-v2
Jun 19, 2026
v5.29.0
35
Latest
- Findings
- 154
- Errors
- 32
- Warnings
- 122
- Plugin Check
- 2.0.0
- Model
- 2026.06-mvp-static-v2
| Scan | Score | Findings | Errors | Warnings | Plugin | Plugin Check | Model |
|---|---|---|---|---|---|---|---|
| Jun 19, 2026Latest | 35 | 154 | 32 | 122 | v5.29.0 | 2.0.0 | 2026.06-mvp-static-v2 |
