SpeakOut! Email Petitions

SpeakOut! Email Petitions makes it easy to add petitions to your website and rally your community to Speak Out about a cause by using direct action.

v4.6.5.1RopeSwingHldUpdated Added 3k+ installs96% rating
20
Score
850
Errors
994
Warnings
+0
Change

Category Scores

Security0
Repo67
Performance100
Maintainability0

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

1,844 findings

Security

1,332

10 issue groups

Maintainability

462

12 issue groups

I18n

16

2 issue groups

Supply Chain

5

1 issue group

WARNINGSecurityMissing nonce verificationProcessing form data without nonce verification.318
Category
Security
Occurrences
318
Severity
warning

Sample message

Processing form data without nonce verification.

ERRORSecurityUnsafe printing functionAll output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.261
Category
Security
Occurrences
261
Severity
error

Sample message

All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.

ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"Since $package $version: "'.217
Category
Security
Occurrences
217
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"Since $package $version: "'.

WARNINGSecurityRequest data is not unslashed$_GET['b'] not unslashed before sanitization. Use wp_unslash() or similar172
Category
Security
Occurrences
172
Severity
warning

Sample message

$_GET['b'] not unslashed before sanitization. Use wp_unslash() or similar

WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$__composer_autoload_files".162
Category
Maintainability
Occurrences
162
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$__composer_autoload_files".

ERRORSecurityException output is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"$name not found on class"'.93
Category
Security
Occurrences
93
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"$name not found on class"'.

WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.81
Category
Maintainability
Occurrences
81
Severity
warning

Sample message

Use of a direct database call is discouraged.

WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().79
Category
Maintainability
Occurrences
79
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

ERRORSecurityDatabase parameter is not escapedUnescaped parameter $sql used in $wpdb->get_results()\n$sql assigned unsafely at line 127.76
Category
Security
Occurrences
76
Severity
error

Sample message

Unescaped parameter $sql used in $wpdb->get_results()\n$sql assigned unsafely at line 127.

ERRORSecuritySQL query is not preparedUse placeholders and $wpdb->prepare(); found $sql76
Category
Security
Occurrences
76
Severity
error

Sample message

Use placeholders and $wpdb->prepare(); found $sql

Show 15 more
WARNINGSecurityInput is not validated71
Category
Security
Occurrences
71
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_GET["siglist"]. Check that the array index exists before using it.

ERRORMaintainabilityMissing direct file access protection40
Category
Maintainability
Occurrences
40
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

WARNINGSecurityNonce verification recommended29
Category
Security
Occurrences
29
Severity
warning

Sample message

Processing form data without nonce verification.

ERRORMaintainabilityfile system operations fopen29
Category
Maintainability
Occurrences
29
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen().

WARNINGMaintainabilityerror log error log26
Category
Maintainability
Occurrences
26
Severity
warning

Sample message

error_log() found. Debug code should not normally be used in production.

WARNINGSecurityInput is not sanitized19
Category
Security
Occurrences
19
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_GET['petition']

ERRORMaintainabilitydate date18
Category
Maintainability
Occurrences
18
Severity
error

Sample message

date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.

ERRORI18nMissing Arg Domain12
Category
I18n
Occurrences
12
Severity
error

Sample message

Missing $domain parameter in function call to __().

WARNINGMaintainabilityNo PHP code found8
Category
Maintainability
Occurrences
8
Severity
warning

Sample message

No PHP code was found in this file and short open tags are not allowed by this install of PHP. This file may be using short open tags but PHP does not allow them.

WARNINGMaintainabilityNon-prefixed function5
Category
Maintainability
Occurrences
5
Severity
warning

Sample message

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "_fail_early".

WARNINGMaintainabilityNon-prefixed hook name5
Category
Maintainability
Occurrences
5
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "speakout_after_confirmation_sent".

WARNINGMaintainabilityNot In Footer5
Category
Maintainability
Occurrences
5
Severity
warning

Sample message

In footer ($in_footer) is not set explicitly wp_enqueue_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header.

ERRORSupply ChainHidden files included5
Category
Supply Chain
Occurrences
5
Severity
error

Sample message

Hidden files are not permitted.

ERRORMaintainabilityfile system operations fclose4
Category
Maintainability
Occurrences
4
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().

ERRORI18nNon Singular String Literal Text4
Category
I18n
Occurrences
4
Severity
error

Sample message

The $text parameter must be a single text string literal. Found: $option_notice

External Connections

Not analyzed yet.

Score History

First score snapshot

v4.6.5.1

20

Latest

Findings
1,844
Errors
850
Warnings
994
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

29 nodes

Related Plugins

Contact Form Query

1k+ active installs

100
Configure SMTP

6k+ active installs

99
Email Address Obfuscation

2k+ active installs

99
Stop WP Emails Going to Spam

10k+ active installs

99