SureDash – Community, Courses & Member Dashboard

Build a community right inside WordPress. Discussion spaces, courses, member profiles, and a beautiful dashboard — no coding needed.

v1.9.3Brainstorm ForceUpdated Added 1k+ installs88% rating
25
Score
422
Errors
805
Warnings
+0
Change

Category Scores

Security0
Repo100
Performance100
Maintainability0

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

1,227 findings

Maintainability

727

14 issue groups

I18n

252

2 issue groups

Security

239

9 issue groups

WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$_wp_current_template_content".328
Category
Maintainability
Occurrences
328
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$_wp_current_template_content".

ERRORI18nText Domain MismatchMismatched text domain. Expected 'suredash' but got 'action-scheduler'.223
Category
I18n
Occurrences
223
Severity
error

Sample message

Mismatched text domain. Expected 'suredash' but got 'action-scheduler'.

WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.116
Category
Maintainability
Occurrences
116
Severity
warning

Sample message

Use of a direct database call is discouraged.

WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().109
Category
Maintainability
Occurrences
109
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

ERRORSecurityException output is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"HTTP method {$name} is not supported."'.85
Category
Security
Occurrences
85
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"HTTP method {$name} is not supported."'.

WARNINGMaintainabilityNon-prefixed hook nameHook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "'wp_query_builder_column_builder_' . $this->id".73
Category
Maintainability
Occurrences
73
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "'wp_query_builder_column_builder_' . $this->id".

ERRORSecuritySQL query is not preparedUse placeholders and $wpdb->prepare(); found $column51
Category
Security
Occurrences
51
Severity
error

Sample message

Use placeholders and $wpdb->prepare(); found $column

WARNINGSecurityRequest data is not unslashed$_COOKIE['suredashColorSwitcherExists'] not unslashed before sanitization. Use wp_unslash() or similar44
Category
Security
Occurrences
44
Severity
warning

Sample message

$_COOKIE['suredashColorSwitcherExists'] not unslashed before sanitization. Use wp_unslash() or similar

WARNINGMaintainabilityNon-prefixed functionFunctions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "as_enqueue_async_action".36
Category
Maintainability
Occurrences
36
Severity
warning

Sample message

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "as_enqueue_async_action".

ERRORI18nMissing Arg DomainMissing $domain parameter in function call to __().29
Category
I18n
Occurrences
29
Severity
error

Sample message

Missing $domain parameter in function call to __().

Show 15 more
WARNINGSecurityDatabase parameter is not escaped26
Category
Security
Occurrences
26
Severity
warning

Sample message

Unescaped parameter $column_name used in $wpdb->get_var()

WARNINGMaintainabilityNon-prefixed class18
Category
Maintainability
Occurrences
18
Severity
warning

Sample message

Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "BSF_Admin_Notices".

ERRORSecurityDatabase parameter is not escaped14
Category
Security
Occurrences
14
Severity
error

Sample message

Unescaped parameter $query used in $wpdb->get_col()\n$query assigned unsafely at line 1001.

WARNINGMaintainabilityDynamic hook name11
Category
Maintainability
Occurrences
11
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "$hook".

WARNINGSecurityReplacements Wrong Number9
Category
Security
Occurrences
9
Severity
warning

Sample message

Incorrect number of replacements passed to $wpdb->prepare(). Found 1 replacement parameters, expected 2.

WARNINGMaintainabilityslow db query meta key7
Category
Maintainability
Occurrences
7
Severity
warning

Sample message

Detected usage of meta_key, possible slow query.

ERRORMaintainabilityMissing direct file access protection7
Category
Maintainability
Occurrences
7
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

ERRORMaintainabilitywp function not compatible with requires wp7
Category
Maintainability
Occurrences
7
Severity
error

Sample message

Function "_wp_connectors_get_api_key_source()" requires WordPress 7.0.0, but your plugin minimum supported version is WordPress 6.6.0.

WARNINGMaintainabilityslow db query meta query5
Category
Maintainability
Occurrences
5
Severity
warning

Sample message

Detected usage of meta_query, possible slow query.

WARNINGMaintainabilityslow db query tax query4
Category
Maintainability
Occurrences
4
Severity
warning

Sample message

Detected usage of tax_query, possible slow query.

WARNINGSecurityNonce verification recommended4
Category
Security
Occurrences
4
Severity
warning

Sample message

Processing form data without nonce verification.

WARNINGMaintainabilityDiscouraged PHP function3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

The use of function ini_set() is discouraged

WARNINGSecurityInterpolated SQL is not prepared3
Category
Security
Occurrences
3
Severity
warning

Sample message

Use placeholders and $wpdb->prepare(); found interpolated variable {$order} at "SELECT action_id from {$wpdb->actionscheduler_actions} {$where} {$order} LIMIT %d FOR UPDATE{$skip_locked}"

WARNINGMaintainabilityNon-prefixed constant3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "BSF_ANALYTICS_URI".

ERRORSecurityOutput is not escaped3
Category
Security
Occurrences
3
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found 'wc_help_tip'.

External Connections

Potential connections found in static code analysis.

31 domains

Outbound calls

291

External assets

4

Incoming endpoints

5

Notable Domains

xdsoft.net188 · outbound
google.com5 · outbound
php.net5 · outbound
actionscheduler.org4 · outbound
graph.facebook.com3 · outbound

Platform / Reference Domains

w3.org26 · platform/reference
github.com18 · platform/reference
wordpress.org4 · platform/reference
core.trac.wordpress.org2 · platform/reference
developer.wordpress.org1 · platform/reference
gnu.org1 · platform/reference

External Asset Domains

accounts.google.com4 · asset + outbound
fonts.googleapis.com3 · asset + outbound

Incoming Endpoints

wp_ajax_nopriv_public

wp_ajax

wp_ajax_nopriv_suredash_lost_passwordpublic

wp_ajax

wp_ajax_nopriv_suredash_reset_passwordpublic

wp_ajax

Admin AJAX endpoints2
wp_ajax_suredash_lost_passwordauthenticated

wp_ajax

wp_ajax_suredash_reset_passwordauthenticated

wp_ajax

Score History

First score snapshot

v1.9.3

25

Latest

Findings
1,227
Errors
422
Warnings
805
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

37 nodes

Related

Related Plugins