Sticky Floating Forms Lite

Sticky Floating Forms WordPress plugin allows you to add CTA buttons on your website and when the user clicks on that buttons it will display contact …

v1.1.1codeworkwebUpdated Added 900 installs92% rating
54
Score
26
Errors
29
Warnings
+0
Change

Category Scores

Security24
Repo91
Performance100
Maintainability88

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

55 findings

Security

24

5 issue groups

Maintainability

15

2 issue groups

I18n

14

4 issue groups

Repo Compliance

2

2 issue groups

WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$cf7_form_list".8
Category
Maintainability
Occurrences
8
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$cf7_form_list".

WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_POST['security']7
Category
Security
Occurrences
7
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_POST['security']

ERRORMaintainabilityMissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;7
Category
Maintainability
Occurrences
7
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

ERRORI18nMissing Arg DomainMissing $domain parameter in function call to esc_attr_e().6
Category
I18n
Occurrences
6
Severity
error

Sample message

Missing $domain parameter in function call to esc_attr_e().

ERRORI18nNon Singular String Literal TextThe $text parameter must be a single text string literal. Found: $settings['button_text']6
Category
I18n
Occurrences
6
Severity
error

Sample message

The $text parameter must be a single text string literal. Found: $settings['button_text']

ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$encoded'.5
Category
Security
Occurrences
5
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$encoded'.

WARNINGSecurityMissing nonce verificationProcessing form data without nonce verification.5
Category
Security
Occurrences
5
Severity
warning

Sample message

Processing form data without nonce verification.

WARNINGSecurityRequest data is not unslashed$_POST['security'] not unslashed before sanitization. Use wp_unslash() or similar5
Category
Security
Occurrences
5
Severity
warning

Sample message

$_POST['security'] not unslashed before sanitization. Use wp_unslash() or similar

WARNINGSecurityInput is not validatedDetected usage of a possibly undefined superglobal array index: $_POST['security']. Check that the array index exists before using it.2
Category
Security
Occurrences
2
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_POST['security']. Check that the array index exists before using it.

WARNINGI18nDiscouraged text-domain loadingload_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed.1
Category
I18n
Occurrences
1
Severity
warning

Sample message

load_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed.

Show 3 more
ERRORI18nText Domain Mismatch1
Category
I18n
Occurrences
1
Severity
error

Sample message

Mismatched text domain. Expected 'sticky-floating-forms-lite' but got 'sticky-floating-forms-lite.'.

ERRORRepo Complianceoutdated tested upto header1
Category
Repo Compliance
Occurrences
1
Severity
error

Sample message

Tested up to: 6.8 < 7.0. The "Tested up to" value in your plugin is not set to the current version of WordPress. This means your plugin will not show up in searches, as we require plugins to be compatible and documented as tested up to the most recent version of WordPress.

WARNINGRepo Compliancereadme parser warnings no short description present1
Category
Repo Compliance
Occurrences
1
Severity
warning

Sample message

The "Short Description" section is missing. An excerpt was generated from your main plugin description.

External Connections

Potential connections found in static code analysis.

4 domains

Outbound calls

9

External assets

0

Incoming endpoints

1

Notable Domains

codeworkweb.com6 · outbound

Platform / Reference Domains

gnu.org1 · platform/reference
w3.org1 · platform/reference
wordpress.org1 · platform/reference

External Asset Domains

No external asset domains detected.

Incoming Endpoints

No public endpoints detected.

Admin AJAX endpoints1
wp_ajax_plugin_ajax_notice_handlerauthenticated

wp_ajax

Score History

First score snapshot

v1.1.1

54

Latest

Findings
55
Errors
26
Warnings
29
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

30 nodes

Related Plugins

DS CF7 Math Captcha

10k+ active installs

100
100
Style Contact Form 7

1k+ active installs

100
Masks Form Fields

9k+ active installs

99