Enhance your WordPress site with our AI Powered customer support ticket system. Manage customer support, tickets, and email tickets efficiently.
Category Scores
Top Issues by Category
maintainability1,247
security544
Issues Details
1,791 issues found in latest scan
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
Unescaped parameter $agent_map[$old_id] used in $wpdb->get_row()\n$agent_map[$old_id] used without escaping.
Detected usage of meta_query, possible slow query.
Use placeholders and $wpdb->prepare(); found interpolated variable $column at "$column LIKE %s"
Attempting a database schema change is discouraged.
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$filename".
Replacement variables found, but no valid placeholders found in the query.
Detected usage of meta_key, possible slow query.
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: mkdir().
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "after_set_add_agent".
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "$hook".
Unescaped parameter $this->slug used in $wpdb->query()
Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "convert_sec_to_date_interval_string".
Plugin Updater detected. These are not permitted in WordPress.org hosted plugins. Detected: class WPSC_EDD_SL_Plugin_Updater
Plugin Updater detected. Detected code which may be altering WordPress update routines. Detected: _site_transient_update_plugins
Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "PSM_Support_Candy".
Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "$name".
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: rmdir().
Plugin name "SupportCandy - Helpdesk & Customer Support Ticket System" is different from the name declared in plugin header "SupportCandy".
| Code | Type | Message | Count |
|---|---|---|---|
| WordPress.DB.DirectDatabaseQuery.DirectQuery | WARNING | Use of a direct database call is discouraged. | 529 |
| WordPress.DB.DirectDatabaseQuery.NoCaching | WARNING | Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete(). | 420 |
| WordPress.DB.PreparedSQL.NotPrepared | ERROR | Use placeholders and $wpdb->prepare(); found $agent_map | 241 |
| PluginCheck.Security.DirectDB.UnescapedDBParameter | ERROR | Unescaped parameter $agent_map[$old_id] used in $wpdb->get_row()\n$agent_map[$old_id] used without escaping. | 173 |
| WordPress.DB.SlowDBQuery.slow_db_query_meta_query | WARNING | Detected usage of meta_query, possible slow query. | 139 |
| WordPress.DB.PreparedSQL.InterpolatedNotPrepared | WARNING | Use placeholders and $wpdb->prepare(); found interpolated variable $column at "$column LIKE %s" | 116 |
| WordPress.DB.DirectDatabaseQuery.SchemaChange | WARNING | Attempting a database schema change is discouraged. | 93 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound | WARNING | Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$filename". | 19 |
| WordPress.DB.PreparedSQLPlaceholders.UnfinishedPrepare | WARNING | Replacement variables found, but no valid placeholders found in the query. | 11 |
| WordPress.DB.SlowDBQuery.slow_db_query_meta_key | WARNING | Detected usage of meta_key, possible slow query. | 10 |
| WordPress.WP.AlternativeFunctions.file_system_operations_mkdir | ERROR | File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: mkdir(). | 6 |
| missing_direct_file_access_protection | ERROR | PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit; | 6 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound | WARNING | Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "after_set_add_agent". | 5 |
| WordPress.NamingConventions.PrefixAllGlobals.DynamicHooknameFound | WARNING | Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "$hook". | 4 |
| badly_named_files | ERROR | File and folder names must not contain spaces or special characters. | 4 |
| PluginCheck.Security.DirectDB.UnescapedDBParameter | WARNING | Unescaped parameter $this->slug used in $wpdb->query() | 3 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedFunctionFound | WARNING | Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "convert_sec_to_date_interval_string". | 3 |
| plugin_updater_detected | ERROR | Plugin Updater detected. These are not permitted in WordPress.org hosted plugins. Detected: class WPSC_EDD_SL_Plugin_Updater | 2 |
| update_modification_detected | WARNING | Plugin Updater detected. Detected code which may be altering WordPress update routines. Detected: _site_transient_update_plugins | 2 |
| Generic.PHP.ForbiddenFunctions.Found | ERROR | The use of function move_uploaded_file() is forbidden | 1 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedClassFound | WARNING | Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "PSM_Support_Candy". | 1 |
| WordPress.NamingConventions.PrefixAllGlobals.VariableConstantNameFound | WARNING | Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "$name". | 1 |
| WordPress.WP.AlternativeFunctions.file_system_operations_rmdir | ERROR | File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: rmdir(). | 1 |
| mismatched_plugin_name | WARNING | Plugin name "SupportCandy - Helpdesk & Customer Support Ticket System" is different from the name declared in plugin header "SupportCandy". | 1 |
Latest Snapshot
Findings
1,791
Errors
434
Warnings
1,357
Score History
First score snapshot
First scan completed Jun 20, 2026
v3.4.8 · Plugin Check 2.0.0 · Model 2026.06-mvp-static-v2
Jun 20, 2026
v3.4.8
25
Latest
- Findings
- 1,791
- Errors
- 434
- Warnings
- 1,357
- Plugin Check
- 2.0.0
- Model
- 2026.06-mvp-static-v2
| Scan | Score | Findings | Errors | Warnings | Plugin | Plugin Check | Model |
|---|---|---|---|---|---|---|---|
| Jun 20, 2026Latest | 25 | 1,791 | 434 | 1,357 | v3.4.8 | 2.0.0 | 2026.06-mvp-static-v2 |
