PluginScore

Text Replace

Replace text with other text. Handy for creating shortcuts to common, lengthy, or frequently changing text/HTML, or for smilies.

v4.0Scott ReillyUpdated Added 3k+ installs88% rating
coffee2codereplaceshortcutsubstitutiontext
41
Score
55
Errors
12
Warnings
+0
Change

Category Scores

Security0
Repo94
Performance100
Maintainability84

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

67 findings

Security

47

8 issue groups

Maintainability

10

8 issue groups

I18n

9

2 issue groups

Repo Compliance

1

1 issue group

ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"<input type='checkbox' {$attribs} value='{$sopt}' "'.36
Category
Security
Occurrences
36
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"<input type='checkbox' {$attribs} value='{$sopt}' "'.

WordPress.Security.EscapeOutput.OutputNotEscapedReference
ERRORI18nMissing Translators CommentA function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.8
Category
I18n
Occurrences
8
Severity
error

Sample message

A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

WordPress.WP.I18n.MissingTranslatorsCommentReference
WARNINGSecurityMissing nonce verificationProcessing form data without nonce verification.3
Category
Security
Occurrences
3
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Missing
ERRORSecurityException output is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$this'.2
Category
Security
Occurrences
2
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$this'.

WordPress.Security.EscapeOutput.ExceptionNotEscapedReference
ERRORSecurityUnsafe printing functionAll output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.2
Category
Security
Occurrences
2
Severity
error

Sample message

All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.

WordPress.Security.EscapeOutput.UnsafePrintingFunctionReference
ERRORMaintainabilityapplication detectedApplication files are not permitted.2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

Application files are not permitted.

application_detected
WARNINGMaintainabilityunexpected markdown fileUnexpected markdown file "DEVELOPER-DOCS.md" detected in plugin root. Only specific markdown files are expected in production plugins.2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

Unexpected markdown file "DEVELOPER-DOCS.md" detected in plugin root. Only specific markdown files are expected in production plugins.

unexpected_markdown_file
WARNINGI18nDiscouraged text-domain loadingload_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed.1
Category
I18n
Occurrences
1
Severity
warning

Sample message

load_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed.

PluginCheck.CodeAnalysis.DiscouragedFunctions.load_plugin_textdomainFoundReference
ERRORMaintainabilityNot AllowedUse of heredoc syntax (<<<) is not allowed; use standard strings or inline HTML instead1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

Use of heredoc syntax (<<<) is not allowed; use standard strings or inline HTML instead

PluginCheck.CodeAnalysis.Heredoc.NotAllowed
WARNINGMaintainabilityDiscouraged PHP functionThe use of function ini_set() is discouraged1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

The use of function ini_set() is discouraged

Squiz.PHP.DiscouragedFunctions.Discouraged
Show 9 more
WARNINGMaintainabilityprevent path disclosure error reporting1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

error_reporting() can lead to full path disclosure.

WordPress.PHP.DevelopmentFunctions.prevent_path_disclosure_error_reporting
ERRORSecurityHeredoc Output Not Escaped1
Category
Security
Occurrences
1
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found interpolation in unescaped heredoc.

WordPress.Security.EscapeOutput.HeredocOutputNotEscapedReference
WARNINGSecurityInput is not sanitized1
Category
Security
Occurrences
1
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_SERVER[&#039;PHP_SELF&#039;]

WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
WARNINGSecurityInput is not validated1
Category
Security
Occurrences
1
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_SERVER[&#039;PHP_SELF&#039;]. Check that the array index exists before using it.

WordPress.Security.ValidatedSanitizedInput.InputNotValidated
WARNINGSecurityRequest data is not unslashed1
Category
Security
Occurrences
1
Severity
warning

Sample message

$_SERVER[&#039;PHP_SELF&#039;] not unslashed before sanitization. Use wp_unslash() or similar

WordPress.Security.ValidatedSanitizedInput.MissingUnslash
WARNINGMaintainabilityDeprecated function: add_option_whitelist1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

add_option_whitelist() has been deprecated since WordPress version 5.5.0. Use add_allowed_options() instead.

WordPress.WP.DeprecatedFunctions.add_option_whitelistFound
ERRORMaintainabilityMissing direct file access protection1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

missing_direct_file_access_protectionReference
ERRORRepo Complianceoutdated tested upto header1
Category
Repo Compliance
Occurrences
1
Severity
error

Sample message

Tested up to: 5.7 < 7.0. The "Tested up to" value in your plugin is not set to the current version of WordPress. This means your plugin will not show up in searches, as we require plugins to be compatible and documented as tested up to the most recent version of WordPress.

outdated_tested_upto_headerReference
ERRORMaintainabilitywp function not compatible with requires wp1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

Function "add_allowed_options()" requires WordPress 5.5.0, but your plugin minimum supported version is WordPress 4.9.0.

wp_function_not_compatible_with_requires_wpReference

Score History

First score snapshot

v4.0

41

Latest

Findings
67
Errors
55
Warnings
12
Check
2.0.0

Related Plugins

Configure SMTP

6k+ active installs

99
Disable Search

40k+ active installs

99
One Click Close Comments

4k+ active installs

99
Save with keyboard

3k+ active installs

98
Search & Replace Everything by WPCode – Find and Replace Media, Text, Links, and More

20k+ active installs

97
Remove Footer Credit

70k+ active installs

85