Subscribe to Comments allows commenters on an entry to subscribe to e-mail notifications for subsequent comments.
Category Scores
Issues to Review
Prioritized issue groups from the latest Plugin Check scan
- Security: 182 (11 issue groups)
- Maintainability: 72 (10 issue groups)
- I18n: 34 (4 issue groups)
Output is not escaped
- Category: Security
- Occurrences: 54
- Severity: error
Sample message: All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"<li>($ccount) <a href='"'.
Direct Query
- Category: Maintainability
- Occurrences: 27
- Severity: warning
Sample message: Use of a direct database call is discouraged.
Unsafe printing function
- Category: Security
- Occurrences: 27
- Severity: error
Sample message: All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.
Missing Translators Comment
- Category: I18n
- Occurrences: 26
- Severity: error
Sample message: A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.
No Caching
- Category: Maintainability
- Occurrences: 25
- Severity: warning
Sample message: Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
Nonce verification recommended
- Category: Security
- Occurrences: 20
- Severity: warning
Sample message: Processing form data without nonce verification.
Input is not sanitized
- Category: Security
- Occurrences: 17
- Severity: warning
Sample message: Detected usage of a non-sanitized input variable: $_COOKIE['comment_author_email_'. COOKIEHASH]
Request data is not unslashed
- Category: Security
- Occurrences: 16
- Severity: warning
Sample message: $_COOKIE['comment_author_email_'. COOKIEHASH] not unslashed before sanitization. Use wp_unslash() or similar
Interpolated SQL is not prepared
- Category: Security
- Occurrences: 13
- Severity: warning
Sample message: Use placeholders and $wpdb->prepare(); found interpolated variable $post->post_author at "SELECT * FROM $wpdb->users WHERE ID = $post->post_author"
Missing nonce verification
- Category: Security
- Occurrences: 13
- Severity: warning
Sample message: Processing form data without nonce verification.
Database parameter is not escaped
- Category: Security
- Occurrences: 9
- Severity: warning
Sample message: Unescaped parameter $this->ms_table used in $wpdb->get_col()
Input is not validated
- Category: Security
- Occurrences: 9
- Severity: warning
Sample message: Detected usage of a possibly undefined superglobal array index: $_GET['subscribeid']. Check that the array index exists before using it.
Missing Arg Domain
- Category: I18n
- Occurrences: 6
- Severity: error
Sample message: Missing $domain parameter in function call to __().
rand rand
- Category: Maintainability
- Occurrences: 5
- Severity: error
Sample message: rand() is discouraged. Use the far less predictable wp_rand() instead.
Deprecated function: get_currentuserinfo
- Category: Maintainability
- Occurrences: 4
- Severity: warning
Sample message: get_currentuserinfo() has been deprecated since WordPress version 4.5.0. Use wp_get_current_user() instead.
wp function not compatible with requires wp
- Category: Maintainability
- Occurrences: 4
- Severity: error
Sample message: Function "add_settings_error()" requires WordPress 3.0.0, but your plugin minimum supported version is WordPress 2.9.0.
Database parameter is not escaped
- Category: Security
- Occurrences: 3
- Severity: error
Sample message: Unescaped parameter $post->post_author used in $wpdb->get_row()\n$post->post_author used without escaping.
slow db query meta value
- Category: Maintainability
- Occurrences: 2
- Severity: warning
Sample message: Detected usage of meta_value, possible slow query.
Deprecated function: screen_icon
- Category: Maintainability
- Occurrences: 2
- Severity: warning
Sample message: screen_icon() has been deprecated since WordPress version 3.8.0.
Schema Change
- Category: Maintainability
- Occurrences: 1
- Severity: warning
Sample message: Attempting a database schema change is discouraged.
slow db query meta key
- Category: Maintainability
- Occurrences: 1
- Severity: warning
Sample message: Detected usage of meta_key, possible slow query.
wp redirect wp redirect
- Category: Security
- Occurrences: 1
- Severity: warning
Sample message: wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.
Discouraged PHP function
- Category: Maintainability
- Occurrences: 1
- Severity: warning
Sample message: query_posts() is discouraged. Use WP_Query instead.
No Html Wrapped Strings
- Category: I18n
- Occurrences: 1
- Severity: warning
Sample message: Translatable string should not be wrapped in HTML. Found: '<strong>Error: </strong>'
Text Domain Mismatch
- Category: I18n
- Occurrences: 1
- Severity: error
Sample message: Mismatched text domain. Expected 'subscribe-to-comments' but got 'subscribe_to_comments'.
External Connections
Not analyzed yet.
Score History
First score snapshot: v2.3.1, score 36 (Latest)
- Findings: 292
- Errors: 129
- Warnings: 163
- Check: 2.0.0
| Scan | Score | Findings | Errors | Warnings | Plugin | Check |
|---|---|---|---|---|---|---|
| Latest | 36 | 292 | 129 | 163 | v2.3.1 | 2.0.0 |