SliceWP is the quickest and easiest WordPress affiliates plugin for building your affiliate program. Track affiliate commissions, easily pay your affi …
Category Scores
Issues to Review
Prioritized issue groups from the latest Plugin Check scan
Security
2,783
10 issue groups
Maintainability
329
11 issue groups
I18n
218
4 issue groups
ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '" data-wp-lists='list:$singular'"'.1,011
- Category
- Security
- Occurrences
- 1,011
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '" data-wp-lists='list:$singular'"'.
WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.535
- Category
- Security
- Occurrences
- 535
- Severity
- warning
Sample message
Processing form data without nonce verification.
WARNINGSecurityRequest data is not unslashed$_COOKIE['wp-resetpass-' . COOKIEHASH] not unslashed before sanitization. Use wp_unslash() or similar479
- Category
- Security
- Occurrences
- 479
- Severity
- warning
Sample message
$_COOKIE['wp-resetpass-' . COOKIEHASH] not unslashed before sanitization. Use wp_unslash() or similar
WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_COOKIE['wp-resetpass-' . COOKIEHASH]339
- Category
- Security
- Occurrences
- 339
- Severity
- warning
Sample message
Detected usage of a non-sanitized input variable: $_COOKIE['wp-resetpass-' . COOKIEHASH]
WARNINGSecurityMissing nonce verificationProcessing form data without nonce verification.287
- Category
- Security
- Occurrences
- 287
- Severity
- warning
Sample message
Processing form data without nonce verification.
WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$account_commission_statuses".223
- Category
- Maintainability
- Occurrences
- 223
- Severity
- warning
Sample message
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$account_commission_statuses".
ERRORI18nMissing Translators CommentA function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.93
- Category
- I18n
- Occurrences
- 93
- Severity
- error
Sample message
A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.
ERRORI18nMissing Arg DomainMissing $domain parameter in function call to __().63
- Category
- I18n
- Occurrences
- 63
- Severity
- error
Sample message
Missing $domain parameter in function call to __().
WARNINGSecuritywp redirect wp redirectwp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.54
- Category
- Security
- Occurrences
- 54
- Severity
- warning
Sample message
wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.
WARNINGSecurityInput is not validatedDetected usage of a possibly undefined superglobal array index: $_GET['payment_id']. Check that the array index exists before using it.40
- Category
- Security
- Occurrences
- 40
- Severity
- warning
Sample message
Detected usage of a possibly undefined superglobal array index: $_GET['payment_id']. Check that the array index exists before using it.
Show 15 moreShow less
ERRORI18nNon Singular String Literal Text31
- Category
- I18n
- Occurrences
- 31
- Severity
- error
Sample message
The $text parameter must be a single text string literal. Found: $option_name
ERRORI18nUnordered Placeholders Text31
- Category
- I18n
- Occurrences
- 31
- Severity
- error
Sample message
Multiple placeholders in translatable strings should be ordered. Expected "%1$d, %2$s", but got "%d, %s" in 'Showing all the commissions from Payout #%d.<br><a href="%s">View all commissions.</a><br><br>'.
WARNINGSecurityInterpolated SQL is not prepared28
- Category
- Security
- Occurrences
- 28
- Severity
- warning
Sample message
Use placeholders and $wpdb->prepare(); found interpolated variable $extra_checks at \t\t\t$extra_checks\n
WARNINGMaintainabilityDirect Query18
- Category
- Maintainability
- Occurrences
- 18
- Severity
- warning
Sample message
Use of a direct database call is discouraged.
WARNINGMaintainabilityNo Caching17
- Category
- Maintainability
- Occurrences
- 17
- Severity
- warning
Sample message
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
ERRORMaintainabilitydate date17
- Category
- Maintainability
- Occurrences
- 17
- Severity
- error
Sample message
date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.
WARNINGMaintainabilityNot In Footer15
- Category
- Maintainability
- Occurrences
- 15
- Severity
- warning
Sample message
In footer ($in_footer) is not set explicitly wp_enqueue_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header.
WARNINGMaintainabilityNon-prefixed hook name11
- Category
- Maintainability
- Occurrences
- 11
- Severity
- warning
Sample message
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "'puc_request_info_options-'.$this->slug".
ERRORSecurityDatabase parameter is not escaped7
- Category
- Security
- Occurrences
- 7
- Severity
- error
Sample message
Unescaped parameter $clauses['distinct'] used in $wpdb->get_results()\n$clauses['distinct'] used without escaping.
WARNINGMaintainabilityMissing Version7
- Category
- Maintainability
- Occurrences
- 7
- Severity
- warning
Sample message
Resource version not set in call to wp_enqueue_script(). This means new versions of the script may not always be loaded due to browser caching.
WARNINGMaintainabilityslow db query meta key6
- Category
- Maintainability
- Occurrences
- 6
- Severity
- warning
Sample message
Detected usage of meta_key, possible slow query.
WARNINGMaintainabilityslow db query meta value6
- Category
- Maintainability
- Occurrences
- 6
- Severity
- warning
Sample message
Detected usage of meta_value, possible slow query.
WARNINGMaintainabilityNon-prefixed function5
- Category
- Maintainability
- Occurrences
- 5
- Severity
- warning
Sample message
Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "_slicewp_array_assoc_push_after_key".
ERRORMaintainabilityparse url parse url4
- Category
- Maintainability
- Occurrences
- 4
- Severity
- error
Sample message
parse_url() is discouraged because of inconsistency in the output across PHP versions; use wp_parse_url() instead.
ERRORSecurityUnsafe printing function3
- Category
- Security
- Occurrences
- 3
- Severity
- error
Sample message
All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.
Score History
First score snapshot
v1.2.9
25
Latest
- Findings
- 3,356
- Errors
- 1,275
- Warnings
- 2,081
- Check
- 2.0.0
| Scan | Score | Findings | Errors | Warnings | Plugin | Check |
|---|---|---|---|---|---|---|
| Latest | 25 | 3,356 | 1,275 | 2,081 | v1.2.9 | 2.0.0 |
Related Plugins
4k+ active installs
10k+ active installs
10k+ active installs
1k+ active installs
4k+ active installs