The Spin Wheel plugin allows you to engage your visitors with an interactive spinning wheel that offers coupons and other rewards.
Prioritized issue groups from the latest Plugin Check scan
Security
754
12 issue groups
Maintainability
193
10 issue groups
I18n
39
3 issue groups
Sample message
All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$active_class'.
Sample message
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$admin_entries".
Sample message
$_GET['nonce'] not unslashed before sanitization. Use wp_unslash() or similar
Sample message
A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.
Sample message
Use of a direct database call is discouraged.
Sample message
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
Sample message
Detected usage of a non-sanitized input variable: $_GET['nonce']
Sample message
Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "SWP_Admin".
Sample message
Use placeholders and $wpdb->prepare(); found interpolated variable $placeholders at "DELETE FROM {$wpdb->prefix}swp_entries WHERE id IN ($placeholders)"
Sample message
Processing form data without nonce verification.
Sample message
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "swp_admin_wheel_form_tab_footer".
Sample message
Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "swp_admin_field_label".
Sample message
date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.
Sample message
Unescaped parameter $this->entries_table used in $wpdb->get_row()
Sample message
Detected usage of a possibly undefined superglobal array index: $_POST['swp_form_settings']['description']. Check that the array index exists before using it.
Sample message
The $domain parameter must be a single text string literal. Found: $this->settings['text_domain']
Sample message
Unescaped parameter $query used in $wpdb->get_results()\n$query assigned unsafely at line 171.
Sample message
Use placeholders and $wpdb->prepare(); found $query
Sample message
Processing form data without nonce verification.
Sample message
Multiple placeholders in translatable strings should be ordered. Expected "%1$d, %2$d", but got "%d, %d" in 'There are <strong>%d entries</strong> older than %d days that will be deleted in the next cleanup.'.
Sample message
Attempting a database schema change is discouraged.
Sample message
Replacement variables found, but no valid placeholders found in the query.
Sample message
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "$feature_map[$feature]".
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().
Potential connections found in static code analysis.
Outbound calls
41
External assets
0
Incoming endpoints
18
No external asset domains detected.
wp_ajax
wp_ajax
wp_ajax
wp_ajax
wp_ajax
wp_ajax
wp_ajax
wp_ajax
wp_ajax
wp_ajax
wp_ajax
wp_ajax
wp_ajax
wp_ajax
wp_ajax
3 more hidden
First score snapshot
v2.2.2
33
Latest
| Scan | Score | Findings | Errors | Warnings | Plugin | Check |
|---|---|---|---|---|---|---|
| Latest | 33 | 993 | 680 | 313 | v2.2.2 | 2.0.0 |
Author, categories, issues, domains, and nearby plugins.