SpeakOut! Email Petitions makes it easy to add petitions to your website and rally your community to Speak Out about a cause by using direct action.
Category Scores
Issues to Review
Prioritized issue groups from the latest Plugin Check scan
Security
1,332
10 issue groups
Maintainability
462
12 issue groups
I18n
16
2 issue groups
Supply Chain
5
1 issue group
WARNINGSecurityMissing nonce verificationProcessing form data without nonce verification.318
- Category
- Security
- Occurrences
- 318
- Severity
- warning
Sample message
Processing form data without nonce verification.
ERRORSecurityUnsafe printing functionAll output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.261
- Category
- Security
- Occurrences
- 261
- Severity
- error
Sample message
All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.
ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"Since $package $version: "'.217
- Category
- Security
- Occurrences
- 217
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"Since $package $version: "'.
WARNINGSecurityRequest data is not unslashed$_GET['b'] not unslashed before sanitization. Use wp_unslash() or similar172
- Category
- Security
- Occurrences
- 172
- Severity
- warning
Sample message
$_GET['b'] not unslashed before sanitization. Use wp_unslash() or similar
WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$__composer_autoload_files".162
- Category
- Maintainability
- Occurrences
- 162
- Severity
- warning
Sample message
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$__composer_autoload_files".
ERRORSecurityException output is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"$name not found on class"'.93
- Category
- Security
- Occurrences
- 93
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"$name not found on class"'.
WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.81
- Category
- Maintainability
- Occurrences
- 81
- Severity
- warning
Sample message
Use of a direct database call is discouraged.
WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().79
- Category
- Maintainability
- Occurrences
- 79
- Severity
- warning
Sample message
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
ERRORSecurityDatabase parameter is not escapedUnescaped parameter $sql used in $wpdb->get_results()\n$sql assigned unsafely at line 127.76
- Category
- Security
- Occurrences
- 76
- Severity
- error
Sample message
Unescaped parameter $sql used in $wpdb->get_results()\n$sql assigned unsafely at line 127.
ERRORSecuritySQL query is not preparedUse placeholders and $wpdb->prepare(); found $sql76
- Category
- Security
- Occurrences
- 76
- Severity
- error
Sample message
Use placeholders and $wpdb->prepare(); found $sql
Show 15 moreShow less
WARNINGSecurityInput is not validated71
- Category
- Security
- Occurrences
- 71
- Severity
- warning
Sample message
Detected usage of a possibly undefined superglobal array index: $_GET["siglist"]. Check that the array index exists before using it.
ERRORMaintainabilityMissing direct file access protection40
- Category
- Maintainability
- Occurrences
- 40
- Severity
- error
Sample message
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
WARNINGSecurityNonce verification recommended29
- Category
- Security
- Occurrences
- 29
- Severity
- warning
Sample message
Processing form data without nonce verification.
ERRORMaintainabilityfile system operations fopen29
- Category
- Maintainability
- Occurrences
- 29
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen().
WARNINGMaintainabilityerror log error log26
- Category
- Maintainability
- Occurrences
- 26
- Severity
- warning
Sample message
error_log() found. Debug code should not normally be used in production.
WARNINGSecurityInput is not sanitized19
- Category
- Security
- Occurrences
- 19
- Severity
- warning
Sample message
Detected usage of a non-sanitized input variable: $_GET['petition']
ERRORMaintainabilitydate date18
- Category
- Maintainability
- Occurrences
- 18
- Severity
- error
Sample message
date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.
ERRORI18nMissing Arg Domain12
- Category
- I18n
- Occurrences
- 12
- Severity
- error
Sample message
Missing $domain parameter in function call to __().
WARNINGMaintainabilityNo PHP code found8
- Category
- Maintainability
- Occurrences
- 8
- Severity
- warning
Sample message
No PHP code was found in this file and short open tags are not allowed by this install of PHP. This file may be using short open tags but PHP does not allow them.
WARNINGMaintainabilityNon-prefixed function5
- Category
- Maintainability
- Occurrences
- 5
- Severity
- warning
Sample message
Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "_fail_early".
WARNINGMaintainabilityNon-prefixed hook name5
- Category
- Maintainability
- Occurrences
- 5
- Severity
- warning
Sample message
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "speakout_after_confirmation_sent".
WARNINGMaintainabilityNot In Footer5
- Category
- Maintainability
- Occurrences
- 5
- Severity
- warning
Sample message
In footer ($in_footer) is not set explicitly wp_enqueue_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header.
ERRORSupply ChainHidden files included5
- Category
- Supply Chain
- Occurrences
- 5
- Severity
- error
Sample message
Hidden files are not permitted.
ERRORMaintainabilityfile system operations fclose4
- Category
- Maintainability
- Occurrences
- 4
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().
ERRORI18nNon Singular String Literal Text4
- Category
- I18n
- Occurrences
- 4
- Severity
- error
Sample message
The $text parameter must be a single text string literal. Found: $option_notice
External Connections
Not analyzed yet.
Score History
First score snapshot
v4.6.5.1
20
Latest
- Findings
- 1,844
- Errors
- 850
- Warnings
- 994
- Check
- 2.0.0
| Scan | Score | Findings | Errors | Warnings | Plugin | Check |
|---|---|---|---|---|---|---|
| Latest | 20 | 1,844 | 850 | 994 | v4.6.5.1 | 2.0.0 |
Relationship Map
Author, categories, issues, domains, and nearby plugins.