PluginScore

Masonry Widget

The SiteOrigin Masonry plugin gives you a widget that you can use to display your posts. It gives you a widget you can add to your Page Builder pages …

v1.0.3Greg - SiteOriginUpdated Added 500 installs100% rating
gallerywidget
41
Score
58
Errors
11
Warnings
+0
Change

Category Scores

Security0
Repo91
Performance98
Maintainability89

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

69 findings

Security

54

5 issue groups

Maintainability

9

5 issue groups

I18n

3

1 issue group

Repo Compliance

2

2 issue groups

ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$args['after_title']'.33
Category
Security
Occurrences
33
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$args['after_title']'.

WordPress.Security.EscapeOutput.OutputNotEscapedReference
ERRORSecurityUnsafe printing functionAll output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.16
Category
Security
Occurrences
16
Severity
error

Sample message

All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.

WordPress.Security.EscapeOutput.UnsafePrintingFunctionReference
ERRORMaintainabilityMissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;4
Category
Maintainability
Occurrences
4
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

missing_direct_file_access_protectionReference
ERRORI18nMissing Translators CommentA function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.3
Category
I18n
Occurrences
3
Severity
error

Sample message

A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

WordPress.WP.I18n.MissingTranslatorsCommentReference
WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_POST['_so_masonry_nonce']2
Category
Security
Occurrences
2
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_POST['_so_masonry_nonce']

WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
WARNINGSecurityRequest data is not unslashed$_POST['_so_masonry_nonce'] not unslashed before sanitization. Use wp_unslash() or similar2
Category
Security
Occurrences
2
Severity
warning

Sample message

$_POST['_so_masonry_nonce'] not unslashed before sanitization. Use wp_unslash() or similar

WordPress.Security.ValidatedSanitizedInput.MissingUnslash
WARNINGMaintainabilityNot In FooterIn footer ($in_footer) is not set explicitly wp_enqueue_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header.2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

In footer ($in_footer) is not set explicitly wp_enqueue_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header.

WordPress.WP.EnqueuedResourceParameters.NotInFooter
WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$settings".1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$settings".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound
WARNINGSecurityInput is not validatedDetected usage of a possibly undefined superglobal array index: $_POST['masonry_post']. Check that the array index exists before using it.1
Category
Security
Occurrences
1
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_POST['masonry_post']. Check that the array index exists before using it.

WordPress.Security.ValidatedSanitizedInput.InputNotValidated
WARNINGPerformancePost Not In post not inUsing exclusionary parameters, like post__not_in, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information.1
Category
Performance
Occurrences
1
Severity
warning

Sample message

Using exclusionary parameters, like post__not_in, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information.

WordPressVIPMinimum.Performance.WPQueryParams.PostNotIn_post__not_in
Show 4 more
WARNINGMaintainabilitymismatched plugin name1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Plugin name "Masonry Widget" is different from the name declared in plugin header "SiteOrigin Masonry".

mismatched_plugin_nameReference
ERRORRepo Complianceoutdated tested upto header1
Category
Repo Compliance
Occurrences
1
Severity
error

Sample message

Tested up to: 3.7 < 7.0. The "Tested up to" value in your plugin is not set to the current version of WordPress. This means your plugin will not show up in searches, as we require plugins to be compatible and documented as tested up to the most recent version of WordPress.

outdated_tested_upto_headerReference
WARNINGRepo Compliancereadme parser warnings no short description present1
Category
Repo Compliance
Occurrences
1
Severity
warning

Sample message

The "Short Description" section is missing. An excerpt was generated from your main plugin description.

readme_parser_warnings_no_short_description_present
ERRORMaintainabilitytrunk stable tag1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

Incorrect Stable Tag. It's recommended not to use "Stable Tag: trunk". Your Stable Tag is meant to be the stable version of your plugin and it needs to be exactly the same with the Version in your main plugin file's header. Any mismatch can prevent users from downloading the correct plugin files from WordPress.org.

trunk_stable_tagReference

External Connections

Potential connections found in static code analysis.

5 domains

Outbound calls

8

External assets

0

Incoming endpoints

0

Notable Domains

groups.google.com1 · outbound
masonry.desandro.com1 · outbound
siteorigin.com1 · outbound

Platform / Reference Domains

github.com4 · platform/reference
codex.wordpress.org1 · platform/reference

External Asset Domains

No external asset domains detected.

Incoming Endpoints

No public endpoints detected.

Score History

First score snapshot

v1.0.3

41

Latest

Findings
69
Errors
58
Warnings
11
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

29 nodes

Related Plugins

3D Viewer – Display Interactive 3D Models

9k+ active installs

100
Crypto Converter ⚡ Widget

1k+ active installs

100
Exchange Rates Widget

1k+ active installs

100
Gallery with thumbnail slider

3k+ active installs

100
Lightbox Images for Divi Enhanced

4k+ active installs

100
Shortcode Widget

10k+ active installs

100